I’m in agreement with your comments. I have now read the official WordPress How to install WordPress article and see that it does not have any reference to changing the account. When installing, I had assumed the instructions were WordPress policy. I see that it is still proposed in the Hardening WordPress article you suggest.
The real concerns about the login attempts is that clearly user account information is leaked inadvertently although the safety of this is not a problem. What does concern me is whether any other information, that may be security related, is also leaked along the same (or similar) channels.
The Chinese login attempts have come from several tens of addresses so far. I don’t see how they can be stopped without dynamic address blacklisting. This may be too expensive for routine use.
My intent with the incident was to make available a recently installed system with minimal customisation that could be inspected to see where the leakage had occurred to permit improvement of the overall core.
If that is not of interest, I’ll mark this as resolved. Thanks for the response.
