Advise clients using WP to ALWAYS Password Protect their WP admin folder, as recommended by WordPress:
http://codex.wordpress.org/Hardening_WordPress#Securing_wp-admin
This, along with CAPTCHA implementation, should take care of most brute-force attacks. Don't forget to also advise your clients to FULLY
secure WP, as well... There are many tutorials and guides available on the web, and most methods are very easy to implement. WP can be very secure, if you know what you're doing! One plugin that I always recommend (and use) is "
Better WP Security" (even has built-in brute-force prevention) :
http://wordpress.org/extend/plugins/better-wp-security/
A comprehensive and detailed KnowledgeBase + regular notices/emails (automated or manual) to each of your clients can do wonders as a pre-emptive measure to protect your customers and servers. You'd be surprised at how many of your customers will actually listen to YOUR advise (use this!).
As their web host, they see you as a leading expert in the hosting field, this is why they signed up with your company in the first place. Therefore, any advise you can give your clients, specially if it helps protect their website, will be noticed.
Our upstream provider notifies us of any outdated WP installation on the servers, we then pass this info to the client, manually, and in a more personal manner.
We inform them of the dangers of running outdated scripts (specially WP) and then show them how to fix the problem. We setup a KB article on our website to help customers secure their WP sites. This info is freely available on the web, we simply facilitated the search for our clients. :thumbup:
