diff --git a/detection-rules/link_hidden_dir.yml b/detection-rules/link_hidden_dir.yml
index c6d0ae47b1e..330d1997835 100644
--- a/detection-rules/link_hidden_dir.yml
+++ b/detection-rules/link_hidden_dir.yml
@@ -25,8 +25,7 @@ source: |
 or strings.icontains(.href_url.path, "/.bashrc/")
 or strings.icontains(.href_url.path, "/.zshrc/")
 or strings.icontains(.href_url.path, "/.profile/")
-
-
+ or strings.icontains(.href_url.path, "/.wp/")
 )
 // negate highly trusted sender domains unless they fail DMARC authentication
 and (
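Review bot: The added `"/.wp/"` check carries no comment saying what it targets, and unlike the neighbouring `.bashrc`, `.zshrc` and `.profile` entries it is not a well-known dotfile name, so a later maintainer cannot judge its false-positive risk from the rule alone. A one-line comment above it would help, for example `// hidden ".wp" directory in the link path (observed in: <sample or ticket reference>)`. Because the match is a case-insensitive substring test on the path, it is worth confirming against historical mail that legitimate links containing `/.wp/` are rare before this ships. The `source: |` expression starts before and continues after this hunk, so how the list combines with the sender-domain negation below is not fully visible here.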