How to Protect your WordPress from Mass WordPress Brute Force Attacks
This WordPress botnet has over 90,000 IP addresses so limiting the number of logins, or login throttling plugins are not the best solution. Once a botnet IP address is blocked, it will automatically try from another IP. Such botnet has the capability of launching a login from a different IP every second for over 24 hours.
How to protect your WordPress from brute force attacks? (Part I)
“Brute force attack” sounds like someone crashing into your website, and reality is not very different from that image. A brute force attack occurs when a computer manages to identify the user name of the administrator, owner or users of other types of profile. The next thing he does is to automatically try to access the web by guessing the password and for this they use dictionaries of more than 10 GB that contain passwords, which in turn are randomly combined again and again.