This might be dumb to ask, but would security through obscurity work? I know it's not a high level solution, but would hiding all of the obvious routes one can login/adminster WP be one way to stop attacks? Is there a good solution in WP to change URL to login/admin pages?