Brute-force attacks are one the most common ones against WordPress sites. One of the possible solution is to use Login Security Solution plugin. It tracks attempts to login and ban IPs if there are too many of them during certain period of time. The plugin stores all information about the attempts in wp_login_security_solution_fail table. Here is how you can get summary on IP addresses which are attacking your site:

select ip, count(ip) as attempts from wp_login_security_solution_fail group by ip order by attempts desc;

Now you can block the most active of them in the firewall.