The greatest hack focus on a WordPress site seems to be trying to log in with the default username «admin». This plugin detects all login attempts with that username and exits with a 403 Forbidden header. This should eventually discourage login bots from continuing to pound your site.
All attempts are logged inside the /wp-content/plugin-data folder, just in case you need the info. Logs are kept for up to 30 days.
Te puedes descargar este plugin para utilizarlo en tu sitio de .