All of my websites have been a mess this weekend as there has a been a worldwide brute force attack occurring for several days on WordPress admin accounts. I avoid most of the common mistakes (using the default user name, simple passwords, etc) so I don't think anyone has breached a site but the constant calls of the login function acts effectively like a DDOS attack, flattening my server.
I have put in place some extra code to detect brute force attacks and temporarily and even permanently ban IP's. Since attackers don't just sit in a single IP in Russia any more but use shifting and spoofed IP's, you may at some point find yourself locked out. Email me if that happens.