robots requesting user, login, wp-admin and more

I’ve been getting a steady pelting from (assumed) robots wanting non-existent pages & directories such as TLD.com/wp-admin/, TLD.com/user/login/ etc, etc.

Today alone, I received over 1,000 404 notices via email from my plugin ‘404 Notifier’ . This cannot be healthy.

Any Ideas or helpful suggestions?

So, far, I’m winging it and created these (empty) dummy directories that are so requested, then denied access via htaccess.

I’m Total WP n00b, btw…
Thanks for any help.