My server's been the subject of brute force attacks for the last two days, enough to require a re-boot. My hosting service says the most accessed page was wp-login.php.
My question is, is there a simple, authoritative source that I can consult to ensure I'm doing everything I should be doing to protect my WPMU site?
Second, I see adds for WP security plugins. Does anyone have any thoughts concerning these, are they worth it?