A few weeks ago there was an unprecedented attack by 90,000 bots (individual PCs infected with malware that are remotely controlled without the owners knowledge) on WordPress and other web sites by trying to log in with common passwords. Since we use the Recaptcha where you must enter the fuzzy words on login, you were not affected, although we did see attempts in the logs.
Make sure you are using secure passwords everywhere and change them for each site. Use a tool like Keepass or LastPass to manage all your passwords. You remember one pass-phrase, and the tools will keep track of all the other passwords and log you in. You can even sync a password database across all your devices.