As I see so many scripts trying out wordpress vulnerabilities, it is just a matter of time until one bot will succeed. The only chance I see is to remove those unused themes and plugins, autoupdate wordpress and run weekly backups.
Another option is to monitor file integrity with this short php script
$cmd='find ./wordpress -type f -exec md5sum {} \;> ./hidden/wordpress.md5'; exec($cmd,$ret); echo "<pre>"; print_r($ret); echo "</pre>";
Results can be seen with
$cmd='md5sum -c ./hidden/wordpress.md5 | grep -oh ".*FAILED.*"';