Have a habit of checking servers log files regularly for failed login attempts to detect if your server had any brute force attacks. Ban user IP with multiple failed login attempts. You can also restrict users for the amount of login attempts they can perform. Do not allow multiple root users. You should disable your demo or guest accounts. Install a firewall, like APF or TinyFirewall, on your servers.