It's actually two separate but extremely similar attacks. One is exactly as described in the article, a fairly distributed dictionary attack with user admin against wp-login.php. The second one is slightly more advanced, much, much more distributed, and I've seen it go for Joomla and WordPress, trying common usernames at times (though generally sticking to administrator/admin) and going through what appears to be a dictionary of about 3000 passwords. The bigger issue is that these are coming in so fast and from so many directions that, on resource-constrained machines, this is essentially ending up like a DDoS, which has a lot of ancillary effects. mod_sec and other similar methods of identifying these incoming before hitting Apache and spawning a PHP thread are proving to be very much not enough.
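A detection sketch for the pattern described in the comment above, added here as an example and not part of the original comment: it counts login POSTs per minute across all sources, so a burst is flagged even when no single address exceeds a per-IP limit. The Apache combined log format, the Joomla path, the thresholds and the sample lines are assumptions made for the example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumption: WordPress login path from the comment; Joomla admin login path added here.
LOGIN_PATHS = ("/wp-login.php", "/administrator/index.php")
# Assumption: Apache combined/common log format.
LINE_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
                     r'"(?P<method>\S+) (?P<path>\S+)[^"]*" \d{3}')

def parse(line):
    """Return (ip, minute, method, path) or None for lines that do not parse."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return m["ip"], ts.replace(second=0), m["method"], m["path"].split("?", 1)[0]

def find_distributed_bursts(lines, min_posts=6, min_sources=4, per_ip_limit=3):
    """Flag minutes with many login POSTs from many sources.

    Each alert is (minute, total_posts, distinct_sources, sources_over_limit);
    sources_over_limit is how many addresses a per-IP limiter would have caught.
    Thresholds are illustrative assumptions, not tuned values.
    """
    buckets = defaultdict(lambda: defaultdict(int))  # minute -> ip -> POST count
    for rec in filter(None, map(parse, lines)):
        ip, minute, method, path = rec
        if method == "POST" and path in LOGIN_PATHS:
            buckets[minute][ip] += 1
    alerts = []
    for minute in sorted(buckets):
        per_ip = buckets[minute]
        total = sum(per_ip.values())
        if total >= min_posts and len(per_ip) >= min_sources:
            over = sum(1 for n in per_ip.values() if n > per_ip_limit)
            alerts.append((minute.strftime("%Y-%m-%d %H:%M"), total, len(per_ip), over))
    return alerts

# Constructed sample log lines (documentation address ranges, made-up timestamps).
_IPS = ["192.0.2.10", "198.51.100.7", "203.0.113.5", "192.0.2.44",
        "198.51.100.90", "203.0.113.61", "192.0.2.10", "198.51.100.7"]
SAMPLE = [f'{ip} - - [01/Jan/2024:10:15:{s:02d} +0000] "POST /wp-login.php HTTP/1.1" 200 3012'
          for s, ip in enumerate(_IPS)] + [
    '192.0.2.200 - - [01/Jan/2024:10:16:05 +0000] "POST /wp-login.php HTTP/1.1" 302 0',
    '192.0.2.200 - - [01/Jan/2024:10:16:09 +0000] "GET /index.php HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for alert in find_distributed_bursts(SAMPLE):
        print(alert)
```

Run offline over rotated access logs, this keeps the analysis off the request path, so it adds no per-request cost on the web server.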