by walash » 23 Jul 2015, 07:59
First of all, update everything as cited above. Most Wordpress' hacks are made through outdated plugins.
Once everything is updated and ready, install this plugin:
https://wordpress.org/plugins/gotmls/I had several Brute Force attacks few months ago and this plugin saved one of my websites.
There's no reason on why hackers would be targetting your sister's website if its not well ranked on Google (if it is, it's probably competition). Some hackers scrap thousands of wordpress based websites and try to hack it through Brute Force attacks to use them as phishing, spamming and scamming.
Also, tell your sister to change her password for something really unusual with special characters and numbers, such as QwErty.1@3$5 instead of qwerty12345. BF attacks are way harder that way.
Cheers,
Wal