It’s vital to stop using generic usernames such as “admin”, “administrator”, “root” or “test”. These are currently heavily targeted by hacker’s bots. If your WordPress username is generic, like “admin”, you’ve given away half of your login details. If you are using one of these, set up a new admin account, login with that and delete the poorly named account.
From the Security, Support & WordPress categories Use strong, unique passwords
Encourage users to create strong passwords. A combination of uppercase and lowercase letters, numbers, and special characters makes passwords more resilient. Avoid using default or easily guessable passwords.
