According to TechCrunch, sources at both HostGator and CloudFlare have been seeing a spike in bot attempts to bruteforce the login details for administrator accounts on WordPress sites across their networks.
Although they’ve advised admins to use long-difficult passwords and various preventative plugins, the number of bots at this groups disposal is thought to be over 100,000. This should make any administrator a bit weary, and we advise you all to keep an eye on your sites and lock down your login process as much as possible.
According the the article, the attack may be in order to eventually control the hosting server, in preparation for a larger DDoS attack in the future.
The guys at BetaNews, simply locked down access to their wp-login.php file for the duration of an attack on their site, whilst Peter from CallADeveloper recommends updating .htaccess files to check if a login request is being made directly or referred from your site.
Keep in touch with your hosts, web developers and web security team.