I have followed some instructions from an article about blocking wp-login.php through firewall rule.
I see that it is working and indeed i no longer see failed authorization attempts through our Sucuri Audit logs.
I used the below:
http.request.uri.path contains "/wp-login.php"
However, i see that a couple of customers (woocommerce) also got blocked, upon further inspection i se this string on cloudflare logs:
Any thoughts about that?