Apparently there is something new hackers are using to infiltrate WP sites. I have been bouncing around between multiple sites today fighting it. They are able to make 3 username and password guesses to the previous one. For example, security is set to 5 password attempts in 5 minutes and then the hacker is locked out. 5 attempts is all they have ever been able to manage before being locked out. In the last couple days they are able to do 12-15 before the system catches it as 5.