WordPress attacks? Stupid Hackers or Bloggers?

I maange the Military Libraries Division of SLA website and blog (http://military.sla.org/) .  It appears to be under “attack” today as reported via the WordFence plugin I use.  Someone keeps trying to login as administrator about every five to thirty minutes since about midnight last night.  This is not unusual.  What is interesting is to look at the reports I get from WordFence via email.  The hackers keep using usernames including the following:

  • admin
  • root
  • military
  • military.sla.org
  • sla

Are there still WordPress people out there that haven’t deleted or blocked the “admin” username?  Are admin accounts that easy to hack into in WordPress?

Currently the hack attempts seem to be coming mostly from Brazil and China.