It’s happening all the time. Automated systems are trying to get access to your website. Some exploit known vulnerabilities; others just use brute force. The latest scare is a large botnet that attempts to find your WordPress administrator’s password and therefore get control of your site. It tries to login as “admin” using a huge set of passwords. If your administrator username is “admin” then you’re pretty vulnerable.
AND if your password is one of the most common then you’re stuffed.
So change both now!
Instructions: WordPress security – user names and passwords