I wrote a simple WordPress plugin that logs all login attempts, failed and successful ones, to a simple text file. Example log entry:
It is very scary to see how many login attempts there are on a day. Most of them seem to be coming from bots that try often used username/password combinations in series of 10 to 20 attempts (or maybe ‘attacks’ is a better word).
There is one important lesson here: choose a strong password for you WordPress admin section, and change it often!
Even an insignificant and small blog will be subject to attacks.