Thousands of WordPress sites with administrator username set to “admin” or “Admin” have been compromised via large-scale brute force attacks. WordPress founder Matt Mullenweg issued a warning Friday that WordPress users should change their default username. The advice applies to users of both the hosted WordPress.com site that offers hosted blogs, as well as the standalone WordPress software that is downloadable from WordPress.org. The six most commonly guessed passwords are “admin,” “123456,” “666666,” “111111” and “qwerty””]
Source: https://www.darkreading.com/attacks-breaches/wordpress-hackers-exploit-username-admin-