it's could be apply not just to wordpress. But to any or all blog platform that may be installed right into a server and shared host. so, Where do you turn via PHP coding or pluggin or any approach to secure your installation ?

Standing on a shared host is really a bad limitation. Jetski from you against setting up an internet application firewall like Mod_Security.

Here is a listing of things you can do to harden your Wordpress installation.

I guess you can customize the .htaccess file to deny permission to /wp-admin* when the Ip does not match yours.

Limit use of ftp. With this, upload to server file .ftpaccess, and paste following code:

<Limit ALL>
Deny from all
Allow from Your.IP.Address
</Limit>


Also, limit use of most significant files (like wordpress-login.php), uploading within the same folder file .htaccess:

<Files "wp-login.php">
Order Deny,Allow
Deny from all
Allow from Your.IP.Address
</Files>