I run a WordPress website and recently started taking safety measures, considering spike in attack attempts.
I have implemented Zero trust for the wp-login.php and WAF rules for bellow:
block access to xmlrpc.php if referrer doesn’t contain domain.
Please suggest me the best way to further block access to
I see the automatic block by WAF managed rules set to attempts on executing scripts on other php files.
If I block access to wp-content / wp-includes if referrer doesnt include