Last week one of my WordPress installations got hit by a distributed admin password attack.
Over the course of ~24 hours, about 1,800 attempts to log in as administrator were made, originating from over 500 IP addresses worldwide.
The requests always had the same sequence:
GET /administrator
GET /administrator/
POST /administrator/index.php
The requests continued until I finally “hid” (i.e. renamed) the login script and replaced it with an empty file without input controls. About 15 minutes later the requests stopped.
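A way to spot this pattern in an access log, as an added example that is not part of the original post: it finds clients that complete the three-request sequence above and flags the case where several distinct addresses do so within one time window. The combined log format, the one-hour window, the three-address threshold and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The three-request sequence reported in the post, in order.
SEQUENCE = [("GET", "/administrator"), ("GET", "/administrator/"), ("POST", "/administrator/index.php")]
# Assumption: access log in Apache/nginx "combined" format.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3})')

def parse(line):
    """Return (ip, timestamp, method, path), or None if the line does not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, _status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, target.split("?", 1)[0]

def find_sequence_hits(lines):
    """Return [(timestamp, ip)] for each client that completed the sequence."""
    progress, hits = defaultdict(int), []  # ip -> index of next expected step
    for rec in filter(None, map(parse, lines)):
        ip, when, method, path = rec
        if (method, path) == SEQUENCE[progress[ip]]:
            progress[ip] += 1
        else:  # out of order: restart, counting this request if it is step one
            progress[ip] = 1 if (method, path) == SEQUENCE[0] else 0
        if progress[ip] == len(SEQUENCE):
            hits.append((when, ip))
            progress[ip] = 0
    return hits

def distributed_attack(hits, window=timedelta(hours=1), min_ips=3):
    """True if min_ips distinct addresses completed the sequence within one window."""
    hits = sorted(hits)
    for i, (start, _) in enumerate(hits):
        if len({ip for when, ip in hits[i:] if when - start <= window}) >= min_ips:
            return True
    return False

def _sample(ip, minute):  # constructed log lines, documentation-range addresses
    return [f'{ip} - - [10/Mar/2014:12:{minute:02d}:{s:02d} +0000] "{m} {p} HTTP/1.1" 200 512 "-" "-"'
            for s, (m, p) in enumerate(SEQUENCE)]

SAMPLE_LOG = (_sample("192.0.2.10", 0) + _sample("198.51.100.7", 5) + _sample("203.0.113.44", 9)
              + ['192.0.2.99 - - [10/Mar/2014:12:10:00 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "-"'])

if __name__ == "__main__":
    print(distributed_attack(find_sequence_hits(SAMPLE_LOG)))
```

Counting distinct addresses rather than requests per address is what catches this kind of attack, since each source sends only a few attempts.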
The requests mainly originated from Asia, especially Russia and neighboring states: