Can't comment on the score - hacked WordPress sites often have bits hosted in:

 * wp-admin
 * wp-content

Pages within these directories are publicly accessible, but it is very unusual
for a WP plugin to reference these URIs directly in outbound emails.


Paul

On 19/10/2018, 14:38, "Alex" <mysqlstud...@gmail.com> wrote:

    Hi,

    Should we be adding 3 points for just this, or is there never a reason
    users should be using /wp-admin in their URLs?

    Oct 19 09:33:11.561 [1299] dbg: rules: ran uri rule __URI_WPADMIN
    ======> got hit: "/wp-admin/images/"

    The rule description says possible phishing, but how would an end-user
    be in a position to create a public link that involves their WP admin
    directory in the first place?


--
Paul Stead
Senior Engineer (Tools & Technology)
Zen Internet
