On Wed, 03 Sep 2014 19:36:00 +0200 Axb <axb.li...@gmail.com> wrote: > I've seen a rather large number of legit msgs including links to > images in /wp-content/
I tested the rule. Lots of false-positives. I think the FPs can be almost eliminated if we additionally insist the URL contain ".php" somwehere after the /wp-*/ component. All the FPs I've seen so far point to images. And since WordPress is written in PHP, any malware dumped into a WP directory is likely to be in PHP also. Regards, David.
