There are very many brute-force attacks (mostly for 'admin' username) on WordPress sites. All these attacks are made automatically via post requests.
The question 1: how brute-forcer knows that the password is cracked for target username?
The brute-forcer try the typical passwords like: '12345', 'qwerty' etc. And often site administrators have username 'admin' with typical password and this username is cracked sometimes via brute-force. Limit-login attempts plugin solve this problem pretty good by the way.
Discussion on wordpress.stackexchange.com