Also, you might want to put a list of bad IPs in your Banned Users section.
My website was under attacked by login attempts many times everyday. So I installed a plugin to view the visitors' IPs. After some months of careful analyzing the data, now I have a list of the bad IPs.
By putting the list into the Banned Users, my website now never visited by brute force login attackers. You can get the list on this thread:
http://wordpress.org/support/topic/how-to-ban-admin-logins