Here's a good Sucuri's article that proves what I see literally every day analyzing access logs of infected WordPress sites and what I wrote about here

Almost every WordPress blog is now a target of brute force attacks that try to guess admin passwords.

Read the article and check the list of passwords that you should never use. Anywhere.

Then go and change your password to something strong and make sure you don't use default adminitrator usernames as admin. Actually, the first thing you should do after installing a WordPress blog is create a new user with an administrator role and then remove the default admin user.
Shared publiclyView activity