The default username for a wordpress install is ‘admin’ and once it’s set there’s no getting rid of it so plan this *pre-install* !!!
Once a valid username is known then an attacker can try to guess the password by trying to log in with a dictionary list of thousands of passwords. Make it hard for them and don’t choose the default login name!