If I were writing an attack bot, I think I would only consider a blog's dormancy as a last resort. First I would try to find what software the blog runs, including version numbers. Then I would use that info to look up default passwords and other known vulnerabilities.

Examining my own blog, for instance, I found my WordPress and JQuery versions just by watching which files got downloaded when I loaded the main page in Firefox:

jquery.js?ver=1.12.4

wp-embed.min.js?v=4.7.2

I would suspect that the age of your blogs is more relevant than their activity level. Your older blog probably got discovered some time ago - including whatever software versions it was running at the time - and added to a list of known blogs they could attack. The list gets passed from person to person. Now some script kiddie gets a copy of it and decides to use your blog for target practice.