Rate limiting and admin ajax

Hi everyone,

I’m currently looking at the rate limiting in the WAF firewall to avoid brute force attacks.

I’m thinking aboout blocking /wp-admin and /wp-login.php if there are more than 3 attempts in less than 10 seconds (I have the free plan)

If I just rate limit /wp-admin and /wp-login.php, what happens to the admin-ajax or theme editor which need to use this : /wp-admin/admin-ajax.php & /wp-admin/theme-editor.php ?

Thanks

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.