Once an open source system becomes so popular as WordPress very often it becomes vulnerable to attacks. I wonder why the folks at WordPress have not done anything to enhance the security of the admin site, which, by default, you can access by going to /wp-admin.