Hello all, first time here :)
From some time ago I was using Limit Login Attempts plugin (http://devel.kostdoktorn.se/limit-login-attempts) wich reports me every blocked ip address that was guessing passwords on my site. You can bet 99% of times admin was the username bots are attacking, but this time I find that some ip from France was trying to brute-force a custom username, one created by me that its not public in any way.
Since this is happening at an special site wich I modified to not include any mention to the posts's authors (removing things like meta property="article:author" for example) I wonder how this is possible. Anyone can tell me wich knowns methods are available for guessing a WP username and could they can be mitigated?