After reading on the SANS website about a dirty process of using distributed wordpress as from here. One of the ways to make sure that the user cannot keep on trying to use brute force to access your site is to set the password randomly, I use this website pctools which comes up with a very nice password for you.
Also within the brute force attach they are using the username of admin to try and login so you could change the admin username.
update wp_users set user_login = '
' where user_login = 'admin';
Of course if you have setup the pre table name of wp_ instead it would be users table name.