I've got a Fail2Ban jail set up to ban anyone accessing any wp-login.php more than five times. It's just triggered a dozen times in a minute - there's another major burst of hack attempts going on. Especially if you or any clients have an account called 'admin' on a WP site - not a good idea, as it's the WP default and thus the primary one hackers go for - you want to watch out. Ian (Another eight triggers while writing this...)