This is for self hosted wordpress sites.
A extra reason why you should never pick “admin” username
what is special about this attack? Any wordpress site just after launching start getting attacked by bots and if some admin uses a weak password that just a guaranteed way to get hacked.
And most bots first scan site for author name/login name which is easy to discover.