I have no idea who or why, but whoever it was did it using a script to try to guess my password up to four times a second. Luckily they have absolutely no idea what my username is.
It was also done very deliberately as one of the attempted logins was 'bookblog'.
Which is probably the scariest thing. This wasn't just a random spam attack, but by someone who is aware the blog focuses on books and for some reason desperately wants control of my data.
I suggest everyone update their passwords to something ridiculously long and remember to change them regularly.