A lot of my Wordpress sites are getting multiple attempts to access:
http://www.DOMAIN/wp-plugins/config/index.php
all only from "dodgy" countries.
I guess they are looking to see if there is an index file there or if they can upload their own plugin.
I'm using Wordfence to see this...