it's inevitable that hackers want to break into your site. with some of the wordpress sites i managed, i'm surprised to find that no matter what username i changed to, even if the name is very cryptic, there are hacking attempts with those usernames! i looked everywhere to ensure username is not exposed yet they could still find it!
are hackers really that smart?
apparently this is a known issue. i found an old discussion from 3 years ago.
wordpress has a built-in feature that displays author's profile.
yoursite.com/?author=1 will redirect to yoursite.com/author/username.
hide it with .htaccess:
RewriteRule ^author/(.*)$ /index.php [R,L]
install disable author pages plugin. setup and configuration is very easy. highly recommended a must-install plugin, unless you want to display author's page.