If you have a wordpress.com site, the folks at wordpress, where your blog is hosted, are working at a feverish pace, to protect you.
The .com sites can’t use plug-ins, but they can use two factor authentication. This involves downloading a Google Authenticator App to your smart phone. It generates a new random numerical password every 30 seconds. If you don’t have a smart phone, you can have the code sent to you by text.
Quoting wordpress.com support, “the attacks are against WordPress.ORG installs that still have the default “admin” user – If you are on WordPress.COM – this means there is a whole army of people working to keep your blog safe from the bots.”
So, Bernie and Lee and Nevele and Julia and all you other “bots” out there -