If no modifications are made to your website, an intruder can make an unlimited number of incorrect logins to your website. Some people use a massive dictionary of password to keep trying and trying until one may work to login to your site – this is a brute force password attack.
One of the best ways to prevent this from happening, is to install a plugin that limits the number of incorrect logins to your website from a specific IP address. Doing this will make brute force attacks a lot harder.
WPChef have a plugin (available here) that just needs installing and activating to give you a simple options dashboard that can be located under the settings tab from your WordPress dashboard:
You can set the number of login attempts to whatever number you wish and over a set period of time. There is also a possibility to increase the lockout time if they have been locked out a set number of times too. With the option to be emailed once someone is locked out, this little plugin is an essential to help keep your WordPress site secure from brute force password attacks.