WordPress Security: Delete Your Admin Account
On 16/12/2012 by Xue Faith
I’ve been seeing a lot of bot login attempts on a number of different WordPress installs lately. Almost always (but not exclusively) they’re attempts to log in to the account “admin”. There’s a pretty good chance you have a user with this name since WordPress often creates one when you initially do the install. So if you have the user “admin” and maybe a weak password, you could be ripe for break-in. I don’t actually know what the bots would do with your site if they got in, but it’s a safe bet they’re not trying to deposit cash in your bank account.
My advice: delete your “admin” account. Of course you need 1 or more “administrator” level users, but none of them need that username. It might actually take you a minute to do this, since if you created the WordPress Install, you may well have
This means that you won’t be able to create a new user account with your firstname.lastname@example.org email since it’s already in use. So if that’s your primary email, you’ll have to create a new admin-level user with a different email, then delete the “Admin” admin-level user, and THEN you can make
It’s a little bit of a nuisance, but we’ve all seen peeps, maybe ourselves, crying about data on a crashed hard drive, and thought, hmm, I guess backing up really isn’t that much hassle. Deleting a user named “admin” isn’t going to solve everything in the world, but it’s a pretty easy step to help defuse a real and current problem. Shout if I can help or say anything more on it!
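The create-then-delete sequence described above, as an added example that is not part of the original post. It assumes WP-CLI (`wp`) is installed and run from the WordPress root; the function name `replace_admin` and the login and email you pass in are placeholders.

```shell
#!/bin/sh
# Added example (not from the original post): retire the default "admin" login.
# Assumes WP-CLI ("wp") is installed and this runs from the WordPress root.

# replace_admin NEW_LOGIN NEW_EMAIL
# Prints the new user's ID on stdout; all messages go to stderr.
replace_admin() {
    new_login=$1
    new_email=$2

    if [ -z "$new_login" ] || [ -z "$new_email" ]; then
        echo "usage: replace_admin NEW_LOGIN NEW_EMAIL" >&2
        return 2
    fi
    if [ "$new_login" = "admin" ]; then
        echo "pick a login other than admin" >&2
        return 2
    fi

    # Nothing to do when no user called "admin" exists.
    old_id=$(wp user get admin --field=ID 2>/dev/null) || {
        echo "no user named admin; nothing changed" >&2
        return 0
    }

    # 1. Create the replacement administrator first, so the site always has one.
    #    NEW_EMAIL must not already belong to another account.
    #    --send-email mails the account details; --porcelain prints only the ID.
    new_id=$(wp user create "$new_login" "$new_email" \
        --role=administrator --send-email --porcelain) || return 1

    # 2. Delete "admin" and hand its posts to the new user. Without --reassign
    #    the deleted user's content is removed along with the account.
    wp user delete "$old_id" --reassign="$new_id" --yes >&2 || return 1

    # 3. Confirm the login is really gone before reporting success.
    if wp user get admin --field=ID >/dev/null 2>&1; then
        echo "admin still exists" >&2
        return 1
    fi
    echo "$new_id"
}
```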
I’m way not any sort of security expert, nor a WordPress Security specialist, and since it’s pretty important stuff, as always, see a professional! This is just some info that might be useful as observed from my little mini-trench in the field.
Good Luck! Play Safe! But still Adventurous!