Here is a screenshot of a plugin I have running on my website which blocks fools which think they are intelligent. It's so funny. Hax0rs wit mad skillz yo! Probably 12 years old :D
407199

Have a look at the failed login attempts.
Username: kuffyswoodwork, admin, administrator etc etc. Those damn crazy Russians don't give me any respect and assume I am silly enough to use a common as dirt login name to give them half of information needed to successfully brute force their way in...

Gawd.... For what purpose?.... Just had a snoop around your website... Looks good.... Now to build up your inventory...

I'm reminded of a quote from a spectacular (may show more about my character than film critique capabilities) movie....
1.....2.....3....4.....5......6....
That's the sort of combination an idiot would have on their luggage.....

I really doubt serious hackers will be beating on the door of a wood workers website, these guys will be probing corporate or high level sites.
Most of the ones knocking on your door will be "wannabes" just practicing their hacking skills and may well indeed be 12 years old.
For every real hacker there are thousands of these wannabes out there.

"Admin" and "Username" as user names, and " Password" as a password, are often used as defaults on setting up IT accounts so these are the ones that are often used to try and break into systems.
My son is a PEN tester for corporate and govt IT systems - in a recent test on a major (>1000 accounts) mining company he found that ~20% of usernames/passwords were default type names.
Same for govt departments.
If folks won't change defaults then hackers will keep trying them.

The only reason I can think of as to why they would want access to the administration side of a storefront is to change the billing details so that transactions go to their account instead of my own. It doesn't give them any meaningful access to the server. It is a shared server which costs me only chump change per annum. Of course these are just bot networks running a very limited set of instructions hoping to find that 1/10000 website which does have the standard admin/admin login credentials. But I reckon such a website would have a turnover very similar to my own...which is $SFA :D

Unless they are trying to hijack your computer in order to hold you to ransom.

TT