It’s funny, I’ve recently had spam requests trying to guess my admin password for the CentOS server I use to run this website. I can only assume it’s some kind of bruteforce attack.
Then even more recently, someone’s tried to trouble me with this attempted DDOS attack. In my opinion, as oxymoronic as this sounds, security through obscurity isn’t really security at all; however, WordPress is extremely popular and there are ways it can be violated/exploited. This specific type of attack probably wouldn’t exist if WordPress wasn’t so popular. I suggest reading about the “Disable XML-RPC Pingback” plugin and installing it.