Here is an explanation about brute force attack from Wikipedia
In computer science, brute-force search or exhaustive search, also known as generate and test, is a trivial but very general problem-solving technique that consists of systematically enumerating all possible candidates for the solution and checking whether each candidate satisfies the problem's statement.
Donncha O Caoimh's posting has 2 really good ideas.
1) Use a small script to log some *unusual* POST requests
By using the script Donncha was notified when somebody was trying to get into his wordpress blogs.
Credits: Donncha O Caoimh
[code language="php"]
if ( ( isset( $HTTP_RAW_POST_DATA ) || !empty( $_POST ) ) && $_SERVER[ 'REQUEST_URI' ] != '/wp-cron.php?doing_wp_cron' && $_SERVER[ 'SCRIPT_NAME' ] != '/wp-comments-post.php' && substr( $_SERVER[ 'REQUEST_URI' ], -10 ) != '/trackback' && substr( $_SERVER[ 'REQUEST_URI' ], -11 ) != '/trackback/' ) {
mail( "MYEMAIL@gmail.com", $_SERVER[ 'HTTP_HOST' ] . " POST request: " . $_SERVER[ 'REMOTE_ADDR' ], "URL: {$_SERVER[ 'REQUEST_URI' ]}nPOST: " . print_r( $_POST, 1 ) . "nCOOKIES: " . print_r( $_COOKIE, 1 ) . "nHTTP_RAW_POST_DATA: $HTTP_RAW_POST_DATA" );
}
[/code]
2) Use the limit login attempts WordPress plugin
Here is some info about the plugin
Limit Login Attempts blocks an Internet address from making further attempts after a specified limit on retries is reached, making a brute-force attack difficult or impossible.
