Blank Annonomous Comment undeletable via Admin

First off, my site is being bombarded by login attempts. Some one is trying to get in really hard. 4-7/hour at one point. I have the “All In One WP Security” plugin installed and have activated a lot of those countermeasures with little success. (The site is also running through the free Cloudflare plan.) I just change the login URL, and that stopped it overnight, till I saw there was a blank comment to moderate. I tried to “spam” and “trash” it from the “dashboard” which made it disappear for a second and it came back. I then deleted that comment directly from the database. Now, once I delete it, I keep getting that same blank autonomous comment submitted and having to delete it in the same way. comment_post_ID is “0” which may be why it’s not deletable?

Now I started getting about one login attempt per hour again.

Questions:
Did this comment somehow send the login URL out to a bot or whatever is trying to login in or was it just coincidence that they found the login URL. (not sure how that is changed with the plugin) There did not seem to be any code in the DB that went with the comment.

How do I keep that from getting submitted again and again? I have, “Comment author must fill out name and e-mail” yet it ends up blank with neither of those. I just turned off commenting on that post. We’ll see if that stops it or if it goes to a different post.