Currently the world is seeing large scale DDoS attacks aimed specifically at WordPress sites. The current round of attacks target the wp-login.php and bombards it with the ‘admin’ username and repeatedly attempts to break the password.
If you are using the default WordPress user account that uses the ‘admin’ username, we recommend creating a brand new user account with a custom username and a strong password. Make sure you set the new user account to ‘Administrator’ then delete the default WordPress account, remember to attribute all your old posts over to the new account before deleting the default admin user.
For a bit of extra security check out the Limit Login Attempts plugin to help help limit the number of login attempts.
Along with a custom username we also recommend using strong passwords, check out our post about strengthening passwords, the post in mention is below:
Also make sure you are always running the most up to date version of WordPress, the current version is 3.5.1.