I do not bother with doing any IP address stuff with the wp-admin folder since it is already protected with Login Authentication security protection.
I do not bother with moving the wp-config.php file either since AutoRestore/Quarantine and several other security measures in BPS Pro are protecting the wp-config.php file already.
The only additional thing that I recommend that folks do is to install a Login Protection plugin that protects against Brute Force login password cracking. This is the plugin I recommend to folks – Theme My Login.