@motorskillz - thanks for the suggestion but I can't replicate this and anyway it seems an odd way of handling a page not found ?!?
Actually, I use the "rename wp-plugin" too AND I've noticed, just in the last two days after several months of peace, that the hackers seem to have hacked that too (or at least they've found a way of hitting wp-login.php directly) and I'm now getting the same old steady steam of attempted logins to the 'admin' user.
I've set up Wordfence to block their IP for a while (hardly a deterrent) and of course, deleted the admin user, but I guess I'll just revert to renaming wp-login.php to some random string and hope that it puts them off for a while. Some hope!