When a new install of WordPress is set up, the user is given the option to create an admin username and password.
If the user goes with the default username of "admin" they end up exposing themselves to a high frequency of brute force attacks.
Changing the admin username helps for a while.
We've discovered that using a plugin like http://wordpress.org/plugins/rename-wp-login/ or changing the admin path in .htaccess can help quite a lot as well.
Would it be worth exploring adding a field in the initial setup of WP to set the administration URL path?