Here is a quick demo using WPScan to brute force into a plain old WordPress install. The concept is to show how trivial it is using open source and readily available tools to brute force a WordPress site.
Configure Remote and Server Scanning
A quick tour of configuring your Sucuri monitoring with Tony Perez,
Sucuri Welcome Intro
Learn how to quickly add websites for monitoring in the Sucuri Dashboard
Quickly apply your preferred alert types so you’re in the know when something bad happens to your website