alert http $EXTERNAL_NET any -> $HOME_NET any (msg:"ET SCAN abdullkarem Wordpress PHP Scanner"; flow:established,to_server; http.method; content:"GET"; http.uri; content:".php?"; nocase; content:"&php"; nocase; distance:0; content:"&wphp"; nocase; distance:0; content:"&abdullkarem="; nocase; fast_pattern; distance:0; http.protocol; content:"HTTP/1.0"; depth:8; endswith; http.header_names; content:"|0d 0a|Host|0d 0a|"; depth:8; classtype:web-application-attack; sid:2021949; rev:4; metadata:affected_product Wordpress, affected_product Wordpress_Plugins, attack_target Web_Server, created_at 2015_10_14, deployment Datacenter, confidence Medium, signature_severity Major, tag Wordpress, updated_at 2020_11_03;)