Protecting WordPress

To protect your WordPress installation, the following steps are mandatory.

Step 1: Read this post from Matt Cutts on protecting your WordPress installation. If you don’t know what the .htaccess file is or does – read this or this.

Step 2: If you have access to cPanel or any other hosting management script installed – log in to your hosting management console and turn off indexes for your web directory. If you don’t know what I am talking about – make sure you repeat step 2 from the article mentioned above for all folders where no index.php file exists.

Step 3: Instead of denying IPs you can simply password-protect the /wp-admin/ directory. On my installations it has the weird effect of redirecting straight to the index page instead of asking for login/password. Even better – no password to remember and you can still use one of the blog editors to upload content.
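
To check the result of step 2, the following audit script (an added example, not part of the original post) prints every folder under a web root that has no index file and no Apache `Options -Indexes` line in effect from an `.htaccess` file. The function names, the list of index file names, and the choice to read only `.htaccess` files (not the server-level configuration) are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit a web root for directories the server could still list.
# Assumptions: the index file names below, and that indexes are turned off by
# an "Options -Indexes" line in an .htaccess file (server config is not read).
INDEX_NAMES="index.php index.html index.htm"

# Succeeds if the nearest .htaccess (walking from $1 up to $2) whose Options
# line mentions Indexes turns them off. The body runs in a subshell.
indexes_disabled() (
    dir=$1 root=$2
    while :; do
        f="$dir/.htaccess"
        if [ -f "$f" ] && grep -Eiq '^[[:space:]]*Options[[:space:]].*Indexes' "$f"; then
            grep -Eiq '^[[:space:]]*Options[[:space:]].*-Indexes' "$f"
            exit $?
        fi
        # Stop at the web root (or at a path root, as a safety net).
        case $dir in "$root"|/|.) exit 1 ;; esac
        dir=$(dirname "$dir")
    done
)

# Print each directory under $1 that has no index file and no
# "Options -Indexes" in effect: these are the folders still to fix.
listable_dirs() {
    webroot=${1%/}
    [ -d "$webroot" ] || { echo "not a directory: $1" >&2; return 2; }
    find "$webroot" -type d | sort | while IFS= read -r d; do
        found=no
        for name in $INDEX_NAMES; do
            if [ -f "$d/$name" ]; then found=yes; break; fi
        done
        if [ "$found" = no ] && ! indexes_disabled "$d" "$webroot"; then
            printf '%s\n' "$d"
        fi
    done
}

# Run as a script: sh audit.sh /path/to/webroot
if [ "$#" -gt 0 ]; then listable_dirs "$1"; fi
```

An empty result means every folder either has an index file or inherits `Options -Indexes`; confirm the latter by requesting one of the folders in a browser, since the server must allow `.htaccess` to override `Options` for the line to take effect.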