This is a heads up for keeping your website secured.
This morning one of our personal business websites came under attack from an Ukrainian IP number. Here is the file they were attacking.
September 4, 2020 3:14am 45.10.88.238 (Ukraine) Blocked for Directory Traversal - wp-config.php in query string: download=../../../wp-config.php
In 10 minutes it received 520 attacks from the above IP number to that file. Our in-office support team blocked the IP number in cPanel when they saw the attack taking place. No matter how long it would have lasted if they didn't block the IP number and what would of happened if we didn't have Wordfence installed on the site.
Wordfence is the one that caught it and started blocking the attack.
The site never went down and is still up and running just fine.
So, I'll say again, make sure you have security in place to stop an attack like that. You might would want to block that IP number also, and keep your site updated anytime a new plugin, theme, or WP version update has come out.