I didn't check TB's perishablepress link but it looks like a "honey pot" to take bad requests into a "sandbox" where they can try an infinite set of links and remain in the "sandbox" (away from your admin files). There are "honey pots" which have been around for some time (i.e., Google to find one which suits you).
I prefer TB's method of adding a deny line in the .htaccess and have done that in an automated fashion on one website. Anyone entering what looks like a good directory (like WP's admin - assuming that you've renamed the actual admin directory according to the installation directions) where ANY attempt to access the directory will cause the IP address to be captured and added to the DocumentRoot's .htaccess (in another line in the allow,deny block as shown above).
Before going to any extreme like that, though, be SURE that you're using an horridly complex (http://strongpasswordgenerator.com) password for every account with access to the WP manager (as well as your WHM/cPanel and FTP - telnet, too, if you allow it to be used despite all recommendations I've seen).
If you're worried about someone having gotten in, search SitePoint for my article on a daily CRON comparing file hash values. Because they should NEVER change (unless you've patched/updated WP), any change or addition will highlight a probable malware addition to your code (meaning that you've got to check your database for additional ADMIN users AND DELETE all executable files -- at least all .html, .js and .php files -- THEN upload the ones from your MASTER set to restore your website quickly).