Block wp-admin but exclude password-strength-meter.min.js

Hello,

I currently have a Firewall rule to block people from accessing our wp-admin from wordpress.
This works quite well, but it seems that regular users are using the the following file while registering:
/wp-admin/js/password-strength-meter.min.js

I have tried excluding this from the firewall rule, but somehow these requests are still being blocked. What am I doing wrong and how should I implement this?

Current expression:
(http.request.uri.path contains “/wp-admin/” and not http.request.uri.path contains “/wp-admin/admin-ajax.php” and not http.request.uri.path contains “/wp-admin/theme-editor.php” and not http.request.uri.path contains " /wp-admin/js/password-strength-meter.min.js")

If that’s a direct paste, you’ve got a space before the leading slash.

Otherwise, I’d say that if those other exceptions work, like admin-ajax, then strength-meter exception should also work.

If it’s not that “space” that’s messing it up, there are some other workarounds.

wow you got a keen eye! I have removed the leading slash and will keep an eye if this resolves the issue. Thank you for your help.

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.