Do we need to change our admin username?
Permalink 1 user found helpfulShould we worry about this?
<Wordpress has been attacked by a botnet of "tens of thousands" of individual computers since last week, according to server hosters Cloudflare and Hostgator.
The botnet targets Wordpress users with the username "admin", trying thousands of possible passwords.>
Source:http://www.bbc.co.uk/news/technology-22152296...

What I'm saying is that c5 is *just as vulnerable* as Wordpress here.
Using a stronger password, changing the admin username, or switching to login based on email are all things that can help prevent this from happening on your site. So is using 2 factor authentication or 3rd party login (ie, google).
I think c5 should take this seriously, too. Sure, it's not their fault that you chose "password" as your password, but having 100 concrete5 sites "hacked" on the same day can't be good for business.
Highly suggested, even if you set your limits pretty high to avoid good users that are actually guessing a forgotten password.
Heck, even if you set it at 30 or 50 attempts in 5 or 10 minutes it would be a heck of a limit, rather than letting someone guess away all day.