If you are using iThemes Security (and I do recommend using it), make sure you go to Settings and under Brute Force Protection have “Immediately ban a host that attempts to login using the “admin” username.” checked.
PS: And if YOU get locked out on your “admin” account, who knows why is that good, right? :)