@MinusFour busque red.php pero no encontre nada en el access...
Lo que si he visto, unas cuantas entradas de IP's que se aprovecharon del mailer (wp-query.php)
213.229.124.7 - - [08/Jul/2014:19:53:12 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 57 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
85.17.31.91 - - [08/Jul/2014:20:37:26 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 57 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
85.17.31.91 - - [08/Jul/2014:21:25:08 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 284 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
85.17.31.91 - - [08/Jul/2014:22:14:55 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 532 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
213.229.124.7 - - [09/Jul/2014:09:53:17 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 399 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
213.229.124.7 - - [09/Jul/2014:13:35:23 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 156 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
85.17.31.91 - - [09/Jul/2014:13:51:12 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 153 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
213.229.124.7 - - [09/Jul/2014:14:22:21 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 282 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
213.229.124.7 - - [09/Jul/2014:20:31:49 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 226 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
213.229.124.7 - - [09/Jul/2014:21:40:58 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 509 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
213.229.124.7 - - [09/Jul/2014:22:24:31 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 519 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
213.229.124.7 - - [10/Jul/2014:14:28:06 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 57 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
213.229.124.7 - - [10/Jul/2014:15:21:29 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 57 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
213.229.124.7 - - [10/Jul/2014:15:49:22 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 57 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
213.229.124.7 - - [10/Jul/2014:16:36:37 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 120 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0"
213.229.124.7 - - [10/Jul/2014:16:39:59 -0300] "POST /wp-content/themes/wilborada/wp-query.php HTTP/1.1" 200 132 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0
Saludos