Our WordPress honeypot was attacked a total of 201 times in October 2018. Luckily only 2 of these attacks were serious. Normally the /wp-login.php form was queried for random usernames and passwords. The two serious attacks did not seem akin to automated bruteforce attacks as the usernames tried were specific to the site and could not have been generated automatically. All attacks were thwarted by implementing a strong bruteforce protection.
In it, type or append the following lines:
deny from all
allow from [YOUR IP]
Interestingly, all two advanced attacks originated in Vietnam.