Below is a log of failed attempts by a script or bot to guess your WordPress admin panel URL. WordPress is the most popular website platform in the world and is also the most attacked. Any wordpress site my team takes on will get a security sweep that includes implementation of a custom admin panel url and multi factor authentication for all users to keep people out of your admin panel.
On a similar note, attacks on WordPress sites are common against installed plugins, which aren’t developed as securely as the WordPress platform itself. Here is an example of a bot checking for specific files on specific plugins that have known vulnerabilities. I highly recommend keeping the number of plugins and themes on your wordpress site to a minimum, and keeping them up to date.