I'm actually hoping others have this & can advise.
I'm with ventraIP & netorigin.
Within the past four weeks, I'm getting alerts (Wordfence)- of attempted sign-ins.
I don't use the standard username. However, it means it's something trying to guess User/Pwd.
How can I block it?
Ta
Usually it's ok if your username isn't something very standard like root or admin, but if you're really worried you can always move wp-admin to somewhere else, or/and you can set the page to be IP restricted. I don't do the IP thing because my IP changes once in a while and I just can't be bothered, but that's something to consider.
very very common, If you think you've got a secure enough password i would just let it be however you can download login attempt logs and see what they're trying and how often. I use safeapp which gives me a new password every 60seconds or so i believe from my mobile, which seems to have fixed my problem.