Re: https://urlquery.net/report/ddb724a0-b255-4301-87d5-f53b942d8016
Directory Indexing
In the test an attempt was made to list the directory contents of the uploads and plugins folders to determine if Directory Indexing is enabled. This is a common information leakage vulnerability that can reveal sensitive information regarding your site configuration or content.
/wp-content/uploads/ enabled
/wp-content/plugins/ disabled
Directory indexing was tested on the /wp-content/uploads/ and /wp-content/plugins/ directores. Note that other directories may have this web server feature enabled, so ensure you check other folders in your installation. It is good practice to ensure directory indexing is disabled for your full WordPress installation either through the web server configuration or .htaccess.
Site issues and blacklisting: https://sitecheck.sucuri.net/results/programbul.pro/wp-includes/
consider: https://aw-snap.info/file-viewer/?protocol=not-secure&ref_sel=GSP2&ua_sel=ff&chk-cache=&fs=1&tgt=cH1dZ318bWJ1bC5wfV1gd3AtW25ebHUje3Ng~enc
main site resolving here: http://185.93.71.204/cgi-sys/defaultwebpage.cgi (so without wp-includes/
10 detections under that specific IP address: https://www.virustotal.com/gui/ip-address/185.93.71.204/relations
Consider also exploitation via .htacess - https://medium.com/@insecurity_92477/utilizing-htaccess-for-exploitation-purposes-part-1-5733dd7fc8eb
So consider: https://www.malcare.com/blog/how-to-restrict-access-to-wordpress-files-using-htaccess/#iv_Disable_PHP_execution_in_specific_directories
polonus (volunteer 3rd party cold reconnaissance website security analyst and website error-hunter)