I've already done most of the things recommended to protect a blog.
Deleted the 'admin' account - check
Installed 'Limit Login Attempts' plugin - check
Create a strong password for the superuser account - check
I am wondering whether its worth changing the login URL to
something obscure like http://www.mydomain.com/tceruwq.php (for example) to
through hackers off the scent.
I read a comment that it helps security a bit, but not MUCH.
Why is that? Are there ways and means of finding out your new login URL regardless?