Firstly, if you custom build the website instead of buying or using a typical
WP one, then you can hide loads of stuff, also use pretty urls in permalinks to hide all the gumpf you normally see and of course, if you think
WP-ADMIN is easy to hack, you are not configuring the file and folder permissions correctly... they should not be even visible to any net user or browser except the authorised persons.
Try this...
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_URI}
wp-admin/
RewriteCond %{QUERY_STRING} !YOURSECRETWORDHERE
RewriteRule .*\.php [F,L]
RewriteCond %{QUERY_STRING} !YOURSECRETWORDHERE
RewriteRule ^ADMINFOLDER/(.*)
wp-admin/$1?%{QUERY_STRING}&YOURSECRETWORDHERE [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]