Unfortunately this attack is coming from up to 90,000 IP addresses so while those plugins are a good idea it won't solve the issue completely.
From what I have read they are going after the username "admin" + plus variations on that and all the obvious passwords. So choosing a more secure username and password is the first step. There is another article here with some tips on how to guard against the attack;
http://ithemes.com/2013/04/15/ongoin...and-solutions/