Here is a quick demo using WPScan to brute force into a plain old WordPress install. The concept is to show how trivial it is using open source and readily available tools to brute force a WordPress site.
Using the Whitelist Feature for Admin Panel
Easily whitelist IP addresses authorized to access your application admin panel through Sucuri CloudProxy
Configure Remote and Server Scanning
A quick tour of configuring your Sucuri monitoring with Tony Perez,
Enabling SSH Access with Bluehost
Here’s a quick video guiding you through setting up SSH Access on Bluehost.
WordPress Security Webinar
WordPress Security Webinar by Dre Armeda of Sucuri and hosted by iThemes