If you're the only who logs in, add this to .htaccess:
<Files wp-login.php>
order deny,allow
allow from 12.34.56.78
deny from all
</Files>
change the IP address to your home IP address. That'll stop your site from getting hammered by login attempts. And that's about all you can do once someone gets it in their head to brute force a login.