Attackers often exploit wp-config.php to find database credentials and add an admin user. This persistence can be hidden with SQL triggers.
ReadA lot of Wordpress websites still use deprecated plugins. What is the danger ?
ReadModSecurity 3.0.X is affected by a DOS vulnerability, due to the way regular expressions execute.
Read