If you run a WordPress site and haven't yet heard, there's a brute force attack being coordinated against WordPress sites the last few days. I was alerted to it sometime last week by my web host who started putting things in place to help prevent the attack, but could potentially slow down the server at times. A client of mine received a similar email from a different web host.
The gist of what's happening is a bot net is attempting to login to any WordPress site it finds. The attack is using the knowledge that the default admin username on WordPress sites is admin. It's then using brute force to try as many passwords as possible.
If you run a WordPress site there are a couple of things you should do at a minimum.
1. Change or remove any accounts on your site with the username admin. If admin is your only admin account you'll want to create a new admin account with a different username first.
2. Make sure your passwords are secure. Then make sure they're even more secure than that.
Here are a few links to information about what's going on and a couple of methods for how to change the admin username
Brute Force Attacks Build WordPress Botnet
WordPress and spam: How to protect yourself
How to Change Your Admin User Name in WordPress
You might also want to search for security plugins. I usually hear good things about Better WP Security
Lockdown those WP sites.