Exactly what I thought when I read "Operators of WordPress sites can take other measures too, including installing plugins such as this one and this one, which close some of the holes most frequently exploited in these types of attacks. Beyond that, operators can sign up for a free plan from CloudFlare that automatically blocks login attempts that bear the signature of the brute-force attack.".
Then I saw the source for this "news": Cloudflare's blog.
Then I saw the source for this "news": Cloudflare's blog.