Recently there have been widespread reports of WordPress sites being hacked. Because WordPress doesn’t limit login attempts, hackers can use “brute force” hacking attempts by trying millions of username and password combinations. The installation of the “Limit Login Attempts” plugin will help keep your WordPress site(s) safe. The plugin blocks an Internet address from making further attempts after a specified limit. There is also a provision to have the site administrator notified by email after a specified number of unsuccessful login attempts. Thanks to Zach Swinehart for this tip.
UPDATE: Since I installed the plugin on this blog there have been almost 100 failed login attempts.