For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

DarkSideOfTheQ_'s avatar
DarkSideOfTheQ_
Icon for Nimbostratus rankNimbostratus
Jan 18, 2017

Wordpress admin and ASM

Is anyone out there able to implement ASM protection for Wordpress admin access sucessfully? I'm new to the ASM component and having a heck of a time trying to get our policies tuned so some of our e...
ASM Advanced WAF
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Jan 23, 2017

I assume that in your case WordPress is used as a Content Management System so only authorised users can log in rather than members of the public. If you have granted a user an Admin or Editor permission then he/she are not going to scrape the site.

 

You can then exclude the

 

/wp-admin/

 

from WebScraping policy.

 

Unauthorised users and scrapers will only hit the login screen when trying to get any URL under /wp-admin/ and won't be able to log into the WordPress Admin so nothing to scrape there apart from the login form.

 

The scrapers will be after your public content which will be on the main website URLs and /wp-content/ path.

 

Generally speaking any CMS system is a headache for ASM Administrators as it requires very careful and precise policy tuning.