iThemes Security Breach & Brute Force Attack Protection Caused Attack

iThemes Security recently announced its security breach (https://ithemes.com/2014/09/23/important-security-update-for-all-customers/) asking customers to reset their passwords on Sept 23rd. I reset my password. This comes on the heels of me adding the new “Brute Force Protection” feature to my roster of happy little protection features to my client’s WordPress site. Everything was going well for with the iThemes Security Plugin for this website until I added this feature and changed my password. Now I have 600+ pages of Error pages (I assume someone is brute-force pounding the site trying to get in).
It appears the site is more vulnerable to attack now after adding this feature. Does anyone have any recos on how to stop the bleeding and fix this? All help is deeply appreciated!