Avoid brute force for wordpress

Not only it poses a security risk by hackers/bots trying to break into your wordpress install but also for a system admin it’s a nightmare because it may increase the server load.

A solution would be to install a wordpress extension like wp security and configure it to hide the admin panel.

Because not always the server admin is allowed to play with the wordpress websites on server there is another solution using mod security.
After mod security is installed via easyapache, you can edit /local/conf/modsec2.user.conf and place

Then simply restart apache