Juniper Networks

Signature Detail

Short Name: HTTP:PHP:WP-INCLUDES-ACCESS
Severity: Medium
Recommended: Yes
Recommended Action: Drop
Category: HTTP
Keywords: Wordpress Spam Site wp-includes remote access
Release Date: 2014/07/10
Update Number: 2397
Supported Platforms: idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+

HTTP: WordPress "wp-includes" Path Remote Access


This signature detects improper attempts to access a WordPress-enabled website, specifically access to the "/wp-includes" directory of a web server. The WordPress "/wp-includes" directory is intended to store core WordPress functionality and should not contain any remote content.

Web application scanners often access files in this directory to determine the version of included packages (such as jQuery). That version information can then be used in version-specific follow-on attacks. Furthermore, attackers are actively compromising WordPress sites and installing "spam" websites within them. Users could be duped into purchasing fake items or become victims of further exploit attacks.

Hits on this signature could come from users following spam links. If you are not blocking on this signature and see your server respond with content, your server could be compromised.

References

  • URL: http://blog.sucuri.net/2014/06/spam-hack-targets-wordpress-core-install-directories.html
