I had the opportunity to speak at tonight's Tucson WordPress Meetup which had a focus on security.
It was a short intro to Jetpack Protect (formerly BruteProtect) and a small
.htaccess mod to restrict access of wp-login.php to specific IP addresses. It went well.
Hopefully, I got some folks to at least change their admin account and use unique passwords.