Our WordPress honeypot was attacked a total of 201 times in October 2018. Luckily only 2 of these attacks were serious. Normally the /wp-login.php form was queried for random usernames and passwords. The two serious attacks did not seem akin to automated bruteforce attacks as the usernames tried were specific to the site and could not have been generated automatically. All attacks were thwarted by implementing a strong bruteforce protection.

Attack origins

Ukraine
49%
United States
20%
Great Britain
17%
Turkey
13%
Vietnam

Interestingly, all two advanced attacks originated in Vietnam.