I was very pleased to get approached by WP Engine to ask if they could add my plugin, Stop User Enumeration, to their recommended plugin list. Apparently this came from their security team, which is great feedback as far as I’m concerned.
WP Engine is a managed WordPress service, and the advantage Stop User Enumeration has over other security plugins is it doesn’t reference the WP database to check IP breach history, instead it logs attempts directly to the server logs, which then can be interpreted by system software that can decide to block IP addresses directly at the firewall, removing attack load from the servers.
The most popular log analysis / firewall software is Fail2Ban. I will write more about this later, but please leave comments if you want any further information or advice.