brute force? you keep using that term...

from here

it's difficult to take reports of the wordpress "brute force" attack seriously when it's using a password list. brute force attacks don't use lists, dictionary attacks do.