I run a Wordpress blog, and recently decided to implement some security precautions. One of the first things I did was install the Limit Login Attempts plugin and activate it.
In the course of 2 months, I now have well over 1000 locked out attempts. All of them are trying to login as admin.
So, my recommendation is like most others. Don’t use the admin user, or rename it if you did, and install the Limit Login Attempts plugin and activate it!