One the best method to prevent brutefoce attacks is to limit access to the file wp-login.php to your own IP address.

You need to make sure that you have a static IP address to use this method.

1) Check your IP address first using the site www.whatismyip.com/ and make a note. You should find a number like x.x.x.x

2) open up the file called htaccess placed in the root folder of your WordPress instalation

3) Place in the top of the existing content the following chunk of code:

<Files wp-login.php>
Order Deny,Allow
Deny from All
Allow from x.x.x.x
</Files>

(x.x.x.x. is your ip address)

 

In my case the whole htacces file looks like this:

<Files wp-login.php>
Order Deny,Allow
Deny from All
Allow from 96.9.236.134
</Files>

# BEGIN WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>
# END WordPress