Hello,

I currently have a Firewall rule to block people from accessing our wp-admin from wordpress.
This works quite well, but it seems that regular users are using the the following file while registering:
/wp-admin/js/password-strength-meter.min.js

I have tried excluding this from the firewall rule, but somehow these requests are still being blocked. What am I doing wrong and how should I implement this?

Current expression:
(http.request.uri.path contains “/wp-admin/” and not http.request.uri.path contains “/wp-admin/admin-ajax.php” and not http.request.uri.path contains “/wp-admin/theme-editor.php” and not http.request.uri.path contains " /wp-admin/js/password-strength-meter.min.js")

If that’s a direct paste, you’ve got a space before the leading slash.

Otherwise, I’d say that if those other exceptions work, like admin-ajax, then strength-meter exception should also work.

If it’s not that “space” that’s messing it up, there are some other workarounds.

wow you got a keen eye! I have removed the leading slash and will keep an eye if this resolves the issue. Thank you for your help.

This topic was automatically closed after 30 days. New replies are no longer allowed.