How to prevent attacks on WordPress wp-login.php page
How would I go about adding a password to a single file?
Add this to WP's current .htaccess:

# Require HTTP Basic auth for the login script only; the rest of the site stays public.
<FilesMatch "wp-login.php">
AuthName "WordPress Admin"
AuthType Basic
# Absolute path to the htpasswd file, kept outside the web root.
AuthUserFile /path/to/.htpasswd
require valid-user
</FilesMatch>
Bad Behavior can block out some known malicious IP addresses. It works together with Project Honey Pot and keeps bad IPs out of your webpage before it's even fully loaded...
Also, there is a way to hide your login page using .htaccess.
Lock out everyone attempting to log in more than a few times, as already pointed out by Jimmy.
And besides that you should probably enforce the following practices:
- don't use the admin account (create another account with admin privileges, but with a different username than admin, and then remove the default admin account)
- force using SSL
- use strong passwords
Create a .htaccess rule for the wp-admin directory and set it to either a set list of IPs or a user/pass combo. You don't want to start hacking WordPress if you can avoid it, as the next upgrade will just undo your changes, and setting it at the Apache .htaccess level will be a lot more effective than trying to patch WordPress.
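For the "set list of IPs" variant of this answer, here is an added example (not the answerer's code) that validates an allowlist of addresses and CIDR ranges with Python's `ipaddress` module, checks which client addresses it would admit, and renders the Apache 2.4 `.htaccess` for the wp-admin directory. The allowlist entries and client addresses are constructed sample values; the `admin-ajax.php` exemption is an assumption that reflects the common case where front-end plugins call that script for anonymous visitors.

```python
"""Build and sanity-check an IP allowlist for wp-admin/.htaccess (Apache 2.4)."""
import ipaddress

# Constructed sample allowlist: an office range and one VPN egress host.
ALLOWLIST = ["203.0.113.0/24", "198.51.100.12"]


def parse_allowlist(entries):
    """Turn CIDR or single-host strings into ip_network objects.
    Raises ValueError on entries Apache would reject too, so typos fail here
    rather than silently locking out (or admitting) the wrong people."""
    nets = []
    for entry in entries:
        entry = entry.strip()
        if entry:
            nets.append(ipaddress.ip_network(entry, strict=False))
    return nets


def client_allowed(client_ip, networks):
    """True if client_ip falls inside any allowlisted network."""
    addr = ipaddress.ip_address(client_ip)
    return any(addr in net for net in networks)


def _require_arg(net):
    # Emit bare hosts for /32 (or /128) entries, CIDR notation otherwise.
    if net.prefixlen == net.max_prefixlen:
        return str(net.network_address)
    return str(net)


def render_wp_admin_htaccess(networks, exempt_admin_ajax=True):
    """Directory-level rules: only the allowlist reaches wp-admin, except that
    admin-ajax.php stays public when exempt_admin_ajax is set (assumption:
    front-end plugins need it for anonymous visitors)."""
    out = ["# Allow only these sources into wp-admin", "<RequireAny>"]
    out += [f"  Require ip {_require_arg(net)}" for net in networks]
    out.append("</RequireAny>")
    if exempt_admin_ajax:
        out += ["", '<Files "admin-ajax.php">', "  Require all granted", "</Files>"]
    return "\n".join(out)


if __name__ == "__main__":
    nets = parse_allowlist(ALLOWLIST)
    for ip in ("203.0.113.42", "198.51.100.12", "198.51.100.13"):
        print(ip, "allowed" if client_allowed(ip, nets) else "denied")
    print(render_wp_admin_htaccess(nets))
```

Because `.htaccess` changes take effect immediately and a bad entry locks you out of your own dashboard, run the `client_allowed` check with your current public address before you upload the file, and keep an out-of-band way in (SSH) in case the office range changes.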