Some might say that a SSH blacklist daemon might help, but it only increases the time taken for a brute force attempt, and is of no use against a botnet trying to brute force the ssh login.

There are plenty of things that can be done to lock down the ssh server, and restricting it to only publickey is by far one of the most effective, counting that the resource (the server) you're protecting is pretty important.

Plenty of interesting IPs/hosts in this list, take a look if you're really interested, heh.

reverse mapping checking getaddrinfo for 93.184.69.3.vnet.sk [93.184.69.3] failed - POSSIBLE BREAK-IN ATTEMPT! : 237 time(s)
reverse mapping checking getaddrinfo for 95-128-245-59.wiseweb.ru [95.128.245.59] failed - POSSIBLE BREAK-IN ATTEMPT! : 567 time(s)
reverse mapping checking getaddrinfo for h-69-3-215-11-static.lsanca54.covad.net [69.3.215.11] failed - POSSIBLE BREAK-IN ATTEMPT! : 543 time(s)
reverse mapping checking getaddrinfo for iodc-74-206-96-142.ioconnect.net [74.206.96.142] failed - POSSIBLE BREAK-IN ATTEMPT! : 6 time(s)
reverse mapping checking getaddrinfo for 202-153-191-246-static.unigate.net.tw [202.153.191.246] failed - POSSIBLE BREAK-IN ATTEMPT! : 5 time(s)
reverse mapping checking getaddrinfo for corporat065-167059038.sta.etb.net.co [65.167.59.38] failed - POSSIBLE BREAK-IN ATTEMPT! : 19 time(s)
reverse mapping checking getaddrinfo for ev1s-75-125-43-50.theplanet.com [75.125.43.50] failed - POSSIBLE BREAK-IN ATTEMPT! : 46 time(s)
reverse mapping checking getaddrinfo for hst13.migrateplans.com [72.46.131.181] failed - POSSIBLE BREAK-IN ATTEMPT! : 68 time(s)
reverse mapping checking getaddrinfo for bzq-179-135-183.static.bezeqint.net [212.179.135.183] failed - POSSIBLE BREAK-IN ATTEMPT! : 298 time(s)
reverse mapping checking getaddrinfo for host112163.metrored.net.mx [200.77.249.163] failed - POSSIBLE BREAK-IN ATTEMPT! : 8 time(s)
Address 98.126.208.50 maps to customer.krypt.com, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 50 time(s)
reverse mapping checking getaddrinfo for corporat200-7543230.sta.etb.net.co [200.75.43.230] failed - POSSIBLE BREAK-IN ATTEMPT! : 97 time(s)
Address 61.168.44.5 maps to pc5.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 50 time(s)
reverse mapping checking getaddrinfo for ip36.70.inetmar.com [92.42.36.70] failed - POSSIBLE BREAK-IN ATTEMPT! : 50 time(s)
Address 218.28.20.135 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 168 time(s)
reverse mapping checking getaddrinfo for 187-5-142-129.bnut3700.e.brasiltelecom.net.br [187.5.142.129] failed - POSSIBLE BREAK-IN ATTEMPT! : 478 time(s)
reverse mapping checking getaddrinfo for cliente-13108.iberbanda.es [82.198.115.50] failed - POSSIBLE BREAK-IN ATTEMPT! : 324 time(s)
reverse mapping checking getaddrinfo for host-203-92-76-19.lga.net.sg [203.92.76.19] failed - POSSIBLE BREAK-IN ATTEMPT! : 5 time(s)
reverse mapping checking getaddrinfo for 229.1.163.220.broad.km.yn.dynamic.163data.com.cn [220.163.1.229] failed - POSSIBLE BREAK-IN ATTEMPT! : 240 time(s)
reverse mapping checking getaddrinfo for 56h29.xjtu.edu.cn [202.117.56.29] failed - POSSIBLE BREAK-IN ATTEMPT! : 54 time(s)
reverse mapping checking getaddrinfo for 202.53.76.24.nettlinx.com [202.53.76.24] failed - POSSIBLE BREAK-IN ATTEMPT! : 45 time(s)
Address 218.28.103.202 maps to pc0.zz.ha.cn, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 373 time(s)
Address 72.9.228.73 maps to marisil.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 6 time(s)
Address 72.9.228.73 maps to marisil.org, but this does not map back to the address - POSSIBLE BREAK-IN ATTEMPT! : 6 time(s)
reverse mapping checking getaddrinfo for 74.126.30.110.static.a2webhosting.com [74.126.30.110] failed - POSSIBLE BREAK-IN ATTEMPT! : 15 time(s)
reverse mapping checking getaddrinfo for 74.126.30.110.static.a2webhosting.com [74.126.30.110] failed - POSSIBLE BREAK-IN ATTEMPT! : 15 time(s)

It involves the use of a plugin (currently maintained at OSSEC) to get WordPress to send syslog events for OSSEC to parse.  It is a good idea since it is good to monitor any web applications running for anomalies, but WordPress doesn't seem to provide any kind of audit logging.

Looking at its capabilities, the first use for this that comes to mind is to monitor sites that run WordPress with multiple user logons.  As for those with insufficient access to your web server (you're on a shared webhost), you're probably better off using the tips given at wpbeginner.

I won't know yet, but perhaps I'll have a better idea on what it is good for after I try it out.

Do YOU use OSSEC to monitor your WordPress installations?  Any comments on it?