I am checking my website access logs to try to identify IP addresses as hackers. I have found a series of 4 files that are being hit by IPs in France and China. The series of files includes my WP Login page at /wp-login.php. I would like to know if there is a valid reason why the series of files are being hit or if the hits are being made by a hacker.
Series of 4 Files:
1. GET /archives/5 HTTP/1.1
2. GET /wp-login.php?action=register HTTP/1.1
3. GET /archives/5 HTTP/1.1
4. POST /xmlrpc.php HTTP/1.1