A site I occasionally help out with was on the receiving end of a brute-force attack today. Nothing subtle about it: a single IP address in Europe sent nearly 50,000 attempts to log in using a single user account. Hackers are out there, people, and they are persistent.
For securing WordPress sites, I highly recommend the Wordfence plugin. I have no affiliation with the product, but I will say that even the free version is truly an excellent piece of software.