http://codex.wordpress.org/Brute_Force_Attacks
There are numerous security plugins available for wordpress which can assist, the most popular of which is called Wordfence: http://wordpress.org/plugins/wordfence/
You can also restrict access to the wordpress login area to certain IP's by adding the following to the .htaccess file found in the wordpress install directory:
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteCond %{REQUEST_URI} ^(.*)?wp-login\.php(.*)$ [OR]
RewriteCond %{REQUEST_URI} ^(.*)?wp-admin$
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111$
RewriteRule ^(.*)$ - [R=403,L]
</IfModule>
Replace 111.111.111.111 with the actual IP address of the user whom should be allowed access. You can add multiple entries for the 'REMOTE_ADDR' section to allow numerous users.
In addition, you will need to keep wordpress completely up to date as exploits are found somewhat regularly and security updates are released often. You can read further information regarding securing wordpress here:
http://codex.wordpress.org/Hardening_WordPress
