This will be a stub compared to the sorts of posts I wish to put up here (and boy, I’d like to do this sort of thing more often), but holy crap, people seem to really like to try bruteforcing their way into blogs.
I find it rather silly given how little traffic I assume I get, but I suppose it is just bots scanning through something like Shodan for signs that a WP blog is being hosted at x domain. Not much I can really do about it, I suppose. Just need to block them as they pop up and shoot the ISPs a quick email with the info.
2022-09-24 Edit:
They are still trying! I might put up a CSV of my blacklist for others to use in the future, or if anyone wants it.