I was having this kind of attack in my server logs also.
Then I've gone through all the Firefox and Chrome headers sent on WordPress login. I've made some rules. After about a year or so there were 50 attack vectors known to me. I use this WAF to report malicious traffic to Fail2ban which in turn activates the Linux firewall. Later on I've developed Miniban for people without a firewall. And "leanmail" to filter out Fail2ban notifications.