0

I have a LAMP-configured server, and multiple times in the Apache error log file I can see warning messages like this one:

[Thu Jul 02 08:54:04.263981 2015] [:error] [pid 12059] [client 5.45.79.44:49144] script '/var/www/html/wp-update.php' not found or unable to stat, referer: http://example.org/wp-update.php 

Currently I have mod_security enabled and, inside WordPress, Wordfence.

What should be done in such cases to protect against and prevent these attacks?

NineCattoRules

1 Answer

1

Those warning messages can be ignored, since they are generated when Apache can't find the requested file (404) or permission to the requested file is denied (403).

I see tons of such messages daily in my server logs, and the reason they appear is that some automated scripts try to check your server for vulnerable/insecure scripts that the admin may have forgotten. Lately I even noticed that those kinds of mass requests even target SSH keys (GET /var/www/.ssh/id_rsa - just in case the server admin really misconfigured the server).

Running mod_security on your server with a tight ruleset (e.g. OWASP CRS) gives you good basic protection against various kinds of known/unknown attacks.

derhansen
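To separate automated probing like this from a single broken link, the "not found or unable to stat" entries can be grouped by client and counted by distinct missing script. The following is an added example, not part of the answer above; the threshold of three distinct paths is an assumption, and every sample line except the first (taken from the question) is constructed.

```python
import re
from collections import defaultdict

# Apache 2.4 error-log entry for a request to a script that does not exist.
PROBE_RE = re.compile(
    r"\[client (?P<ip>[0-9a-fA-F.:]+):\d+\] "
    r"script '(?P<path>[^']+)' not found or unable to stat"
)

# First line is the one quoted in the question; the rest are constructed
# samples using documentation address ranges.
SAMPLE_LOG = """\
[Thu Jul 02 08:54:04.263981 2015] [:error] [pid 12059] [client 5.45.79.44:49144] script '/var/www/html/wp-update.php' not found or unable to stat, referer: http://example.org/wp-update.php
[Thu Jul 02 09:01:10.000001 2015] [:error] [pid 12061] [client 203.0.113.7:50100] script '/var/www/html/old-backup.php' not found or unable to stat
[Thu Jul 02 09:01:10.400002 2015] [:error] [pid 12061] [client 203.0.113.7:50101] script '/var/www/html/test.php' not found or unable to stat
[Thu Jul 02 09:01:10.800003 2015] [:error] [pid 12062] [client 203.0.113.7:50102] script '/var/www/html/info.php' not found or unable to stat
[Thu Jul 02 09:01:11.200004 2015] [:error] [pid 12062] [client 203.0.113.7:50103] script '/var/www/html/test.php' not found or unable to stat
[Thu Jul 02 09:05:00.000005 2015] [:error] [pid 12063] [client 198.51.100.20:41000] script '/var/www/html/contact-old.php' not found or unable to stat, referer: http://example.org/about
[Thu Jul 02 09:10:00.000006 2015] [core:notice] [pid 1200] AH00094: Command line: '/usr/sbin/apache2'
"""


def probes_by_client(log_text):
    """Map each client IP to the set of missing script paths it requested."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = PROBE_RE.search(line)
        if match:  # unrelated error-log lines are skipped
            seen[match.group("ip")].add(match.group("path"))
    return dict(seen)


def likely_scanners(log_text, min_distinct=3):
    """Clients that requested at least min_distinct different missing scripts.

    min_distinct is an assumed threshold: one missing script is usually a
    stale link, while many different ones from one address suggest a scanner.
    """
    hits = probes_by_client(log_text)
    return sorted(ip for ip, paths in hits.items() if len(paths) >= min_distinct)


if __name__ == "__main__":
    for ip, paths in probes_by_client(SAMPLE_LOG).items():
        print(ip, len(paths), sorted(paths))
    print("likely scanners:", likely_scanners(SAMPLE_LOG))
```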