@FrankBukowski
Yes you are right, the username is fixed and cannot be changed from an installation. My mistake, as I was thinking of the displayed nickname used for posts, welcome greeting, etc.
@kmexpert
This thread discusses others who have had issues with correct usernames being used for unauthorised login attempts. I have read that if your add another username and password security layer to your login page, either through the cPanel or htaccess, and then send any failed attempts to the custom error pages such as
ErrorDocument 401 "Denied"
ErrorDocument 403 "Denied"the hackers soon lose interest and move on. Once you set up the new username and password on your browser it shouldn't be too much bother to login twice. Or, you could try limiting login by IP address if you use a static IP.