We are currently monitoring the largest distributed brute force attack on WordPress installations that we’ve seen to date.
A brute force attack is when an attacker tries many times to guess your username password combination by repeatedly attempting to login to your admin panel. A distributed brute force attack is when an attacker uses a large number of machines spread around the internet to do this in order to circumvent any blocking mechanisms you have in place.
BluErth recommends that until this passes you monitor your WordPress websites closely for unusual activity including logins, account creation or changes to the website. If you have not already done so, please install and configure the Better WP Security plugin to help prevent brute force attacks, and consider updating your admin password to something more secure if it is not already (we recommend at LEAST 10 characters, one uppercase letter, one number, and one symbol).
Link to: Better WP Security plugin