Running it on a different port is only protection against random attacks (sweeping ip addresses looking for common passwords). This seems much more like a targeted attack, someone took the time and effort to try to get in. A small port scan isn't hard, and will get around changing the port. Of course, the other things you've listed are solutions for this.

I was just posting a single option to complement the other comments.