If you are targeting a popular application, remember to check whether there are any NSE scripts specialized on attacking them. For example, WordPress installations can be audited with the script http-wordpress-brute:
$ nmap -p80 --script http-wordpress-brute <target>
To set the number of threads, use the script argument http-wordpress-brute.threads:
$ nmap -p80 --script http-wordpress-brute --script-args http-wordpress-brute.threads=5 <target>
If the server has virtual hosting, set the host field using the argument http-wordpress-brute.hostname:
$ nmap -p80 --script http-wordpress-brute --script-args http-wordpress-brute.hostname="ahostname.wordpress.com" <target>
To set a different login URI, use ...