Hi all, I use a plugin LoginLockdown to record the IP address and timestamp of every failed WordPress login attempt. If more than a certain number of attempts detected in a short time from the same IP range, then the login function is disabled for all requests from that range. This helps to prevent brute force password discovery. That way it seems hackers are trying to enter the business carelessly can be prevented, hopefully ... To get the plugin you can download at : http://www.bad-neighborhood.com/login-lockdown.html Cheers ...
Very nice plugin, However it would lock you down when a someone in your network tries to login multiple time. Most people using shared IP from the Operator and banned IP for doing bad login will cause terrible result. If you use shared IP from operator, pray no one in your IP range doing 'bad login' to your site. Try to: Hide your login page. If it fails, try to add token after question-mark. Redirect anyone whom try to open login page to somewhere else. It is best to send them to alien sites. Sending them to legal sites which observe spammer is good idea. Never ever send them to sites which has viruses as it will make the attacker losing control over their computer. One of my sites receives almost thousand of daily bad logins from various IP few months ago. Luckily they didn't want to attack my site anymore. It seems they were happy visiting 'alien sites'.
Thanks for share, i was use Limit Login Attempts that you can get from here hxxp://wordpress.org/plugins/limit-login-attempts/
Using your mentioned plugin is good idea. however, when attacker using Dynamic IP, it will be less useful. If by chance the attacker using shared IP in your network, there is high chance you will be unable to login due to IP rotation by your operator. Limiting the login didn't stop the attacker from doing the attack. It just reduce it as low as possible. However, that is a good plugin to limit the unwanted login attempt.