WordPress and Joomla are among the most popular Content Management Systems (CMSs). They have also become popular for malicious actors, as cybercriminals target sites on these platforms for hacking and injecting malicious content.

https://www.zscaler.com/blogs/research/abuse-hidden-well-known-directory-https-sites