wp-login.php
The default name of the web page the allows a web site administrator to log in to the dashboard and update a web site powered by WordPress.
URLs like http://example.com/wp-login.php are a favourite target for brute-force attacks that try to break into WordPress-powered web sites by guessing the admin username and password. If successful, the attacker could then publish their own content on the site or modify the existing content.
http://www.inmotionhosting.com/support/edu/wordpress/wp-login-brute-force-attack.