Brute force attacks on Magenta administration are also very common issue, like with WordPress, well maybe a little less :). If you can’t lock your administrations on specific fixed IP addresses, than you can probably lock administration so that is accessible only from your country. Russia and China for example, are countries from which those kind of attacks are very common. So it is good idea to block them.
For this example, I’m doing this on Apache 2.4 with GeoIP module installed. Before you proceed, you should have installed geoip.
To have Magento administration accessible only from Germany (for example), add code bellow to your apache vhost configuration. This geoip was installed on CentOS 7, you should change path to GeoIP.dat accordingly to your installation. You should also change country code to the one that you want access from.
GeoIPEnable On GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
RewriteEngine on RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^DE$ RewriteCond %{REQUEST_URI} ^/(index.php/)?admin/? [NC] RewriteRule .* - [R=403,L]