In recent days my server has become prey to ever-more brute-force attacks against Wordpress instances. This is a total pain, although they’re unlikely (touch wood) to succeed given the complexity of the passwords I tend to deploy and non-standard account names. That said, I got tired of this and wanted to figure out how to block them. The biggest problem I encountered is that some of these password-guessing attacks were coming from a botnet.