A “massive distributed brute force attack” recently hit WordPress sites using a high volume of IPs, according to a Wordfence blog describing the scene.