One of the most common ways that people attack WordPress sites is via the wp-login.php file.
Hackers try a "brute force attack" where they simply go to your login page and try to login as many times as they can. They try to login to your site using a masterlist of common usernames and passwords.
Every time they access that login page it adds stress to your server. If they're accessing the page multiple times per second, it can significantly slow or even crash your site.
In this video, Topher shows you how to solve this problem via a plugin called "Rename wp-login.php".