Well, the password login isn't enabled in the first place, but the log is still full of these errors. That's annoying.
The log file is far cleaner after I changed the port.
Sounds like changing the port is treating the symptoms of the underlying logging problem you're having.
If you are open port on 80, someone will try /wp-admin on your server even it is a nodejs application.
Whether it makes sense or not, whether it is possible to success or not do not matter. Most scanner just default to do this.
The problem isn't password logging, because they can't success. The problem is log spam.
If you open service on these, you are going to have log spam from random ip source.
Well, the password login isn't enabled in the first place, but the log is still full of these errors. That's annoying.
The log file is far cleaner after I changed the port.