You can read this my article for hiding your Joomla back-end or use my plugin called V4 Security (support Joomla 3.x, 2.x). You can download it here. Below are its features and illustrate images.
1. Backend Protection
If you key Login Token here (e.g. hung123, you must access your back-end via a URL like: your_site/administrator/?hung123).You also can set a Redirect URL if someones go to the URL your_site/administrator (without token). I think you should set an URL of a 404 page here.
2. Login Attempts
If you enable this function and specify Max attempts number here (e.g. 3), any user will be locked after 3 times of failed login.
3. Password Complexity
In this function, you will config for the password rule in your web site. You can select to apply on Frontend, Backend or both. This function may be useful if you use Joomla to build a social network or an intranet for your company.Hope this plugin can help you have well sleep when running Joomla -:)
Do you have any things else? Any comment is welcome.