WordPress is the most popular CMS (and best in my opinion) around today. However because of this it’s also targeted a lot by Hackers and is easy for their attack bots to find.
One of the many things you can do to make your WordPress website more secure is change your WordPress Login URL to something unique.
Most people don’t do this and therefore the bots know exactly where to find your login page so they can then set about their attack to try and force their way in. If the bots can’t find the login page then they can’t login.