Well, it turns out that the majority of exploits (brute force or not) we've seen against WordPress-based web sites would be stopped by simply using HTTP-based authentication. Now this is nothing new, and other people have written it up or made plugins. But they require that one make the changes manually. Our version does the following in 2 easy steps with a button-click for each —
1. Create an .htpasswd file with desired login and password.
2. Create the relevant .htaccess file to reference the above file and secure the directory.
It should not result in any problems; but if it does blow up for whatever reason, you may simply delete the .htaccess file it created.
0. Install and activate plugin.
2. Click "Install .htpasswd file."
3. Click "Install .htaccess file."