Forum Discussion

Nimbostratus

Jan 18, 2017

Wordpress admin and ASM

Is anyone out there able to implement ASM protection for Wordpress admin access sucessfully? I'm new to the ASM component and having a heck of a time trying to get our policies tuned so some of our e...

ASM Advanced WAF

security

samstep

Cirrocumulus

Jan 23, 2017

I assume that in your case WordPress is used as a Content Management System so only authorised users can log in rather than members of the public. If you have granted a user an Admin or Editor permission then he/she are not going to scrape the site.

You can then exclude the

/wp-admin/

from WebScraping policy.

Unauthorised users and scrapers will only hit the login screen when trying to get any URL under /wp-admin/ and won't be able to log into the WordPress Admin so nothing to scrape there apart from the login form.

The scrapers will be after your public content which will be on the main website URLs and /wp-content/ path.

Generally speaking any CMS system is a headache for ASM Administrators as it requires very careful and precise policy tuning.

Forum Discussion

Wordpress admin and ASM

Recent Discussions

GSLB - Monitoring LTM VIP load balancing via iRule

Deleting Old Certs

Hybrid Exchange traffic and Starttls

GCP F5 deployment - Active -Active with config Sync

IP Intelligence

Related Content

Change admin account

Ansible module to update BIG-IP root/admin passwords

Unable to login on F5 GUI using default admin/admin username & password.

WordPress Content Injection Vulnerability - ASM Mitigation

BIGIQ/DCD and BIGIP Admin password change