Allow me to shoot a couple of scare tactics your way since scare tactics seem to be what drives some people to take rename your login url to secure your wordpress website a little more seriously, or at the very least start thinking about the issue.
Backup plug-ins is also important. You want to backup all the files and database so in case of a sudden attack, you can bring back your own blog like nothing.
In case you ever wish to migrate your website elsewhere, such as a new web host, you'd be able to pull this off without a hitch, and also without review having to disturb your old site until the new one was set up and ready to roll.
What if you visit WP-Content/plugins, can you view that folder? If so, upload that blank Index.html file into that folder as well so people can not view what plugins you might have. Because even if your version of WordPress is up to date, if you're using an old plugin or a plugin using a security hole, then someone can use this to get access.
Implementing all of the above will take less than an hour to finish, while creating your WordPress website considerably more resistant to intrusions. Over 1 million WordPress sites were this past year, mainly due to preventable safety gaps. Have yourself prepared and you're likely to be on the safe side.