I have the "Login Lock" plugin installed and I regularly receive emails telling me that there's been a malicious attempt to log in to my site. I'm not usually concerned by this because I have the plugin set to only allow 4 login attempts then ban the IP address for a week.
Also the attempts usually target the username "admin" which I don't use. I have a completely unique username and, in the user profile settings, I have it set to publicly display a different nickname.
Just recently however I have noticed a couple of attempts to login using my unique username which is not publicly visible. How is it possible for someone to discover this username and how can I protect it from being seen?