Brute Force Protection
WordFence appears to have adequate brute force protection by limiting the number and frequency of log-in attempts, but I found a plug-in that could make attackers earn us a bit of currency as well.
https://github.com/dustyfresh/coin-auth
Here is the wprdpress plugin page https://wordpress.org/plugins/coin-auth/ but basically it adds a captcha on login which asks the user to perform some work before being allowed to submit the log-in.
Unfortunately it disables the log-in button when using ThemeMyLogin plug-in. Seems to work when using the default WP login though.
But it's open source so maybe we can get it to work on clickforafrica.org.
I tried asking the dev in their wordpress.org forum. - Not holding breath though as it has not been updated in over 10 months and only shows as having 10 users, so may have been abandoned.
It may be easier to add the CoinHive captcha without a plugin.