If you’ve ever wanted a tour through the internals of a WordPress brute force attack, this is the post for you. Tony Perez, of Sucuri, uses an example attack to teach about what happens during such an attack. Tony also gives some practical advice for preventing this sort of attack from happening to you.
It may seem tough, but he does a great job making this easy to understand, so I recommend you get focused and give it a read. I learned a couple things for sure.
My plugin may help. Try it(http://www.b2beservices.com/files/Securitron_v1_0_1.zip).