Why Dozens of "Ghost" Users Haunt My WP Domain?

Hello everyone:

Why would 60+/- new users register at my low-profile WP blog since its launch last March at https://www.luckeywriter.com – but never write a post, fill out a contact form – or even a trace of their presence?!

Per G Analytics daily auto-emailed Excel sheets, NO traffic for weeks – but WP Security, Sucuri, et al., keep emailing failed login attempts and new user registration notices!

Since Bad Behavior plugged in less than a week after site launch, all obvious spambots have completely vanished. I did recently find & delete a buncha spam messages “caught” by another plug-in. However, none of that caught junk seemed to generate any new user registrations or failed logins.

Also, HostGator diagnosed a brute force attack a few months back, right after auto-email security alerts kept bombarding.

But “ghost” users I’m referring to in this post either: 1) actually register; or, 2) fail to login just a few times per day. Most of the latter appear to from different IP addresses (which I know are easily disguised).

So my questions are:

1. Why would users sign up but never post any content or request contact? Are they hackers seeking “backdoor” access to my admin dashboard via any means possible?

2. Why would spammers/hackers, target a zero-profile site that’s still under slow construction by an IT idiot operator (me)?

3. How do spammers/hackers even LOCATE sites like mine with undoubtedly near-zero SEO visibility?

Thanks in advance for helpful insights & kind patient assistance.