I have been hacked not the biggest revelation that any web person has ever uttered but answering my customers “why me?” is a lot harder to answer. Boredom by kids that think that this is proper programming, because I am on American servers who knows. These are the plugins that I have used to help fend off the brute force attacks not the complete set up but just enough so that you can sleep at night.
Lock down your login.php page with limit logins plugins:
Limit the number of login attempts possible both through normal login as well as using auth cookies.
By default WordPress allows unlimited login attempts either through the login page or by sending special cookies. This allows passwords (or hashes) to be brute-force cracked with relative ease.
These help you to make sure that your passwords are strong and that you have not left anything in plain sight. Choose the plugin that suits your site and there are many more options on WordPress.Org.
WP Security scan
WP Security Scan checks your WordPress website/blog for security vulnerabilities and suggests corrective actions
Better WP Security
Better WP Security takes the best WordPress security features and techniques and combines them in a single plugin thereby ensuring that as many security holes as possible are patched without having to worry about conflicting features or the possibility of missing anything on your site.
Secure WordPress beefs up the security of your WordPress installation by removing error information on login pages, adds index.html to plugin directories, hides the WordPress version and much more.