A built-in method to change the default wp-(admin|login|content|etc).*, i.e. "entry paths", would be nice.
So at least WordPress users don't have HUGE, easy-to-identify targets. Point: everyone knows that wp-login.php is WordPress. Once an attacker gets a 304 response, it's off to the races.
Your point, Mr. Epstein (in this link: http://wordpress.org/ideas/topic/let-users-choose-name-of-wp-loginphp-to-prevent-bot-based-password-attacks#post-26351), is missing the point. An attacker can smell the 404 and move on or try, as you say, to continue to probe. But then they will not know if the target site is WordPress or not. Will they?
If an attacker gets the 304 or 200, they have a WordPress site they can ply their trade against. Endless hits.
If they (the names of entry paths) were distributed (customizable by the end user), they would be less profitable to bad guys.
As it stands now, WordPress users are, proverbially, the side of a barn that can't be missed.
I drive a truck in the USA for my REAL living (it finances my blogging habit ;) ) and we call the State Police by a nickname: Bears. We truckers have a saying, "Don't feed the bears!" In other words, don't do stuff that is going to get you pulled over and given a "Safety Certificate" (ticket and fine).
Personally, I understand that it's free software. The wp is branding. That's the reason. You can deny it but there it is. But you are just feeding the Bears and I wish the WordPress Team would help us out here.
I run nginx and have followed every hardening tip out there, but with nginx some of the rename plugins don't work well. It'd be neat to just have some access to functions to just rename the target pages that work at core. If there are some, let me know!