The BBC, ZDNet, WordPress and all of the IT Press have announced that a massive attack is in progress against every WordPress installation.
They are specifically targeting sites with account username ‘admin’ and cross-checking that with password lists.
There are a number checks, fixes and guides you can use but the simplest is to install a solid security plugin.
Most of the free ones are poorly implemented and usually are not supported plus they can get you locked out if you’re not careful.
The most efficient plugin that is easiest to use is SecureScanPRO. You don