Eu segui uma dica do @
Eu dei uma olhada nos de força bruta e aqui estão os logins mais usados:
MariaDB [(none)]> select username, fail, inet6_ntoa(ip), UA from wp_wflogins into outfile 'ataques.csv';
> awk '{print $1}' ataques.csv | sort -n | uniq -c | sort -n
1 -
1 123123
1 1234
1 123456
1 123456789
1 443/wp-login.php
1 aaa
1 abcd1234
1 admaster
1 admin.
1 AdMiN
1 admin123
1 admina
1 admini
1 administrators
1 adminPeach
1 adminwp
1 admon
1 Adsystem
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 ahmed
1 alfons
1 alireza
1 anna
1 arrow
1 artsadd
1 ask6776
1 atarihost
1 autonewsbot
1 awen
1 azaret
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 Beast3x
1 beescleaning
1 carpetsdubai
1 Casper_Security
1 catmeow
1 chris
1 christiane
1 Christophe
1 control
1 cpolo
1 dagon
1 darcy56
1 Darcy56
1 dedi
1 demilation
1 DemoDemo
1 demo_w1p
1 devadmin
1 dexter
1 digilabs
1 donaljkt9
1 dummy_store_5
1 editor
1 ednabanaag
1 eliasaf
1 enamad
1 eosuperadmin
1 Fabien
1 Farribeiro
1 gestinet
1 globalint
1 goog
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 GP_Admin
1 grupovhn
1 gtfobiash
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 hopefox34
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 info
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 Ivan
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 jbalazs8178
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 john
1 justin
1 kinga
1 kobieta
1 kulturecom
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 lluis
1 loafa
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 mainstream
1 marina
1 martinharvey
1 Megusta
1 microadmin
1 miruku
1 mohit
1 monica
1 mungmee
1 MUWY
1 ndvtzaifnz
1 Nwildner
1 oktay-dogangun
1 options
1 ovauser-admin
1 PiSh3r
1 protan
1 qiang521
1 quantri
1 raeesa
1 Rahul
1 redtor
1 richard
1 Richard
1 ridiz
1 rikimoh39
1 root
1 rootadmin
1 roottn
1 rzu4bd
1 sadminusez
1 santi2
1 senterprisys_admin
1 SEOExpert
1 seojiwo
1 seomaster009
1 shelby96
1 Sion
1 siteadmin
1 smngrs952
1 Support
1 temp3
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 test3
1 tester
1 testionos
1 tuanduongthe
1 tuanpham
1 upastra007
1 Username
1 Vikash
1 voquanghuy
1 wadmiine
1 wdmgpvt
1 webstone24
1 webuser
1 wpadmin
1 WPADMIN
1 w-padmine
1 wp-admine
1 wp-blog
1 wp_developer
1 wpengine
1 wp_rest_api
1 wpsystem
1 wpupdate
1 wuser
1 wwwadm
1 xcom
1 xtw183870bbe
1 xtw18387106f
1 xtw1838711ab
1 xtw183871206
1 xtw183871550
1 xtw183872fc0
1 xtw18387331a
1 xtw1838738ca
1 xtw183873c09
1 xtw183874283
1 xtw183875328
1 xtw1838754ba
1 xtw18387596a
1 xtw183875977
1 xtw1838761a5
1 xtw183876e88
1 xtw18387757d
1 xtw183877c79
1 xtw183878b0d
1 xtw18387958b
1 xtw183879670
1 This email address is being protected from spambots. You need JavaScript enabled to view it.
1 xtw18387a0c5
1 xtw18387a9de
1 xtw18387aa3b
1 xtw18387adf8
1 xtw18387c077
1 xtw18387c339
1 xtw18387d0aa
1 xtw18387daad
1 xtw18387e84d
1 xtw18387e943
1 xtw18387f29e
1 xuanphong
1 yanz
1 zestful
1 Zestful
1 zokaroll
2 12345678
2 ac
2 adminlin
2 adminsup
2 adminusez
2 Auto
2 bapaksaya
2 burnolurko
2 Clare
2 francisunderwood
2 greeceman
2 happy
2 hex
2 hxq1879
2 ismm
2 jacquespermisdeconduire
2 jatin
2 jisuo
2 lashkari
2 maximixer789
2 Nacht
2 pajero_sports
2 smngrs953
2 smngrs955
2 susan
2 swilliams
2 testuser
2 thuylt
2 wadmines
2 This email address is being protected from spambots. You need JavaScript enabled to view it.
2 wiktorB
2 woopayplug
2 wordpress_admin_bak
2 wordpress_administratora
2 wordpressauto
2 wp
2 wpenginesupport
2 wpmanager
2 wp_postadmin
2 wpuser
2 x
2 xrumertest
2 xtw1838729c0
2 xtw18387754d
2 yanz@123457
2 yeuthuongmongmanh
2 zadminz
2 zutodoko
2 This email address is being protected from spambots. You need JavaScript enabled to view it.
3 admim
3 admin1
3 admin6
3 admingusar
3 bimak73555
3 Chris
3 demo
3 This email address is being protected from spambots. You need JavaScript enabled to view it.
3 mevivu
3 qwee123123
3 Reseller-webmaster
3 talhas
3 test1
3 wadmine
4 1001010
4 andremachado
4 crander
4 hostingadmin
4 matakucing3
4 patola
4 server
4 stender
4 username
4 wordcamp
4 wordpress_administrator
5 administratoir
5 administrator
5 This email address is being protected from spambots. You need JavaScript enabled to view it.
5 excontrol
5 itsme
5 support
5 user
5 wpadmins
5 wpcore
6 smngrs951
7 nwildner
7 paulomartins
11 test
12 farribeiro
18 Admin
19 wadminw
28 wwwadmin
54 linux-br
151 df7c8c98dfd88d9dfad
1270 admin
Realmente alguns logins existem e devem estar assinados nas páginas. Mas o restante é estilo Forrest Gump correndo de um lado pro outro atravessando os Estados Unidos sem saber o porquê.