Most of the systems I develop have a CMS or Backoffice system to manage the frontend. Until now, I have placed the system files in obvious directories such as www.site.com/admin or www.site.com/backoffice, which constitutes an obvious security risk.
Besides renaming the directory where the system files are deposited, is there a better approach?
What is this obvious security risk you are talking about? If your authentication to your administrative areas is so broken that you need security through obscurity to protect it, then you are doing it all wrong. Fix the real problem; do not hide it.
Well, as long as they don’t get in, then there is not much to worry about. I would, depending on what kind of firewall you have, set it up to block connections from the same IP if it makes a lot of connections within a short time frame. That stops most misbehaving bots from working properly.
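The per-IP rate rule suggested in the reply above, sketched as an added example that is not part of any post in this thread: a sliding-window counter that temporarily blocks a source once it exceeds a connection budget. The class and function names are hypothetical, the thresholds (20 connections per 10 seconds, 300-second block) are assumptions to tune per site, and the events are constructed using documentation-range addresses.

```python
from collections import defaultdict, deque


class ConnectionRateBlocker:
    """Per-IP sliding-window limiter: the logic a firewall rate rule applies."""

    def __init__(self, max_conns=20, window=10.0, block_for=300.0):
        self.max_conns = max_conns          # connections allowed per window
        self.window = window                # window length in seconds
        self.block_for = block_for          # block duration in seconds
        self._recent = defaultdict(deque)   # ip -> timestamps inside the window
        self._blocked_until = {}            # ip -> time at which the block expires

    def allow(self, ip, now):
        """Return True if a new connection from ip at time now is accepted."""
        until = self._blocked_until.get(ip)
        if until is not None:
            if now < until:
                return False                # still blocked; block is not extended
            del self._blocked_until[ip]     # block expired, start counting afresh
        q = self._recent[ip]
        while q and now - q[0] >= self.window:
            q.popleft()                     # forget connections older than the window
        q.append(now)
        if len(q) > self.max_conns:
            self._blocked_until[ip] = now + self.block_for
            q.clear()
            return False
        return True


def replay(events, **limits):
    """Replay (timestamp, ip) events in order; return the IPs that were blocked."""
    blocker = ConnectionRateBlocker(**limits)
    return {ip for ts, ip in events if not blocker.allow(ip, ts)}


def sample_events():
    """Constructed traffic: one fast automated client and one human-paced client."""
    bot = [(i * 0.1, "203.0.113.7") for i in range(50)]       # about 10 conn/s
    human = [(i * 5.0, "198.51.100.23") for i in range(10)]   # one every 5 s
    return sorted(bot + human)


if __name__ == "__main__":
    print(replay(sample_events(), max_conns=20, window=10.0, block_for=300.0))
```

Clients that share one address behind NAT or a proxy count as a single source here, so the budget has to leave room for them.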