I have had quite a few issues with hacks on my website http://www.tantric-massage-london.co.uk. So far I have added an authorisation code to the wp-login screen although have recently been told by a friend that they have been hacked even with this running.
I have identified 2 other plugins that I think will help. One is to rename login.php and another is to disable xmlrpc.php. With everything updated all the time and latest version should this combination be more or less 100% effective....or are we missing something ? ie. some better security