| Name | Tag | Field | Operator | Value | Action | Expression Preview |
|---|---|---|---|---|---|---|
| Protect the wp-admin Area | securityagressive | URI Path | contains | /wp-admin/ | and | (http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains "/wp-admin/theme-editor.php") |
| | | URI Path | does not contain | /wp-admin/admin-ajax.php | and | |
| | | URI Path | does not contain | /wp-admin/theme-editor.php | block | |
| Block Admin Logins not from Whitelisted IP | securityagressive | URI Path | contains | /wp-login.php | block | (http.request.uri.path contains "/wp-login.php") |
| Block No-Referer Requests to Plugins | securityagressive | URI Path | contains | /wp-content/plugins/ | and | (http.request.uri.path contains "/wp-content/plugins/" and not http.referer contains "yoursite.com" and not cf.client.bot) |
| | | Referer | does not contain | yoursite.com (your domain) | and | |
| | | Known Bots | | | block | |
| Block access to wp-comments.php | securityagressive | URI Path | equals | /wp-comments-post.php | and | (http.request.uri.path eq "/wp-comments-post.php" and http.request.method eq "POST" and not http.referer contains "yoursite.com") |
| | | Request Method | equals | POST | and | |
| | | Referer | does not contain | yoursite.com (your domain) | block | |