A few other thoughts spring to mind but obviously your server should have an up to date firewall and you should make use of server side facilities like protection against brute force attacks. After that:
I would avoid a php contact page and possibly use something like Doobox html contact form http://www.doobox.co.uk/stacks_store/demos/htmlcontact.html
Next ensure that your .htaccess file is secured.
If you have folders with miscellaneous content that you would rather keep hidden pop a blank plain text file in the folder called index.html. That will stop people from simply viewing the entire contents of a folder because they will need the precise file names for each piece of content, otherwise they’ll just hit a 404 error message.
Finally you should consider something like CloudFlare that will block an awful lot of attempts before they even reach your site.