I saw this while examining the Wordfence 404 log on a client's site this morning:
Those URLs with ?author=[number] is the hacker trying to learn the usernames of the website's authors. Once the username is know then the hacker can concentrate on figuring out the password.
It's best to block the hacker's IP address because when this approach fails he'll just move on to the next attack. In many cases I'll block the hcker's entire network.