Thanks Barnez.
A further four attacks have been thwarted by Wordfence and the "attacker" is now trying another generic word (they've tried "administrator" and now "support" - neither or which will work.
Good idea about the nickname in the profile - I didn't think of that but it makes lots of sense thanks.
The Wordfence Option you refer to ("Discovery") is already set, so it must have been enabled on setup.
I'm getting a sense of reassurance that they've moved on to some generic usernames now and (hopefully) abandoned the one real username - which they might have guessed.
It still would be good to know which passwords were attempted (and declined).
Fingers crossed that they'll give up soon :/