This article explains why many WordPress websites have a lot of failed login attempts. It also explains what you can do to protect your WordPress website from failed login attacks.
Version 1.4 of WP Security Audit Log is available for download. The major feature highlight for this new version is the much improved monitoring of WordPress failed logins, where the plugin reports the username being attacked allowing you, the WordPress administrator to take evasive actions and avoid having your WordPress hacked.
We just released a new version of WP Security Audit Log that has enhanced monitoring of WordPress failed logins, thus enabling WordPress and WordPress multisite administrators to keep track of all offending IP addresses during a brute force attack.