DONT MAKE YOUR MEMBERS AREA Bruteforceable !!
This is the solution ...
Exemple :
Make http(s) form login not classical pop-up login
And use random image picker for people MUST enter
theirs user pass after this number image randomly picked
user =gfy
pass= test
the number on the image= 000000-999999
Click Here Enter here
and move you members area to random name
www.example.com/your member area daily random word/content.htm
if you dont move your private area to random name
your files can be BRUTE FORCEABLE
i mean this form login will not work if someone know your data files images where it is ..
www.exemple.com/members/1.jpg -> Can be always brute forcable
So you have to use random words for your files
sorry for bad english but this is the simple solution !!
And Never let Your users choose their pass let them use their e-mail and pass e-mailed them AlphaNumeric : GfY12Xrt
So crackers will never guess what kind of pass they will use for brute force ..