Today, I removed the “admin” user from my WordPress blogs. There is a bot that is hacking passwords by “Brute” force. That means that they are using “admin” and a dictionary of passwords and trying millions of times, until they gain access to your blog.
My password keeper, LastPass, has more information about it in this blog post. http://blog.lastpass.com/2013/04/wordpress-blogs-attacked-what-you-need.html
Also, the Matt, the creator of WordPress has information about how to change it on his blog http://ma.tt/2013/04/passwords-and-brute-force/