Since early 2013, there are many large-scale WordPress brute force attacks coming from a large amount of IP addresses spread across the world. The attack targetting “wp-login.php” file in Wordpres’s installation.
The attack attempts to break into WordPress admin dashboard by continually trying to guess the username and password. It is a very good practice to have a very strong password which at least 8 characters and includes small letters, capital letters & special characters.
The botnet attack is mainly targeting this default username, which is “admin.” So change the administrator username could significantly reduce the likelihood of your site being successfully logged into by a malicious user.
WordPress doesn’t allow to change username in the dashboard, so you have to change it from MySQL database.
To change, log in to phpMyAdmin or any other program that allows you to modify MySQL data.
Select the Approprite database → Browse to “wp-users” table → Look for “user_login” column → Select the Administrator username → Change to New Username → Save Database
Use your new username to log into your WordPress dashboard.