Security experts recommend beefing up password security on web applications. A botnet of 25,000 Windows workstations successfully brute force username/password combinations for more than 6,000 WordPress sites. Administrators who know their CMS systems have weak passwords should immediately change the credentials to be longer and more complex. The latest version of WordPress also lets site owners call the administrator account something other than “admin,” which would make it more difficult for these kinds of automated attacks to succeed because the attacker doesn’t know what username to target.”]
Source: https://www.cuinfosecurity.com/attackers-target-weak-web-app-passwords-a-6005