Want to block wp-login.php

Does anyone know why the following firewall rule won’t work?
I tried Google and community search.

According to this site for example: turbofuture CF rule example

I should be able to make a rule as followed:
Field: URI Path
Operator: contains
Value: /wp-login.php
Action: Block

So if i make a firewall rule like this:

When incoming requests match…
   Field: Hostname
   Operator: equals
   Value: subdomain.myactualwebsite.ext

AND
   Field: URI Path
   Operator: contains
   Value: /wp-login.php    
    
THEN
   Action: block

I also tried for the second value:

wp-login
*wp-login*
*wp-login.php
*/wp-login.php
*wp-login.php*

But none of these will work? Tried from several IP’s and browsers. I can load wp-login.php everywhere. I want it to be blocked however.

This one works for me:

1 Like

Thanks sdayman for your reply! I tried your method but unfortunately, it doesn’t work for me.
Can still access. (and i am not whitelisted anywhere).

Okay i switched the order,
first the URI that contains wp-login,
second the Hostname to equal.

And then it immediately worked!

So then i deleted the whole rule and created a new one,
did the same thing as i tried dozens of times without success.
First Hostname to equal, second the URI. And it works :slight_smile:

So the fix was to… delete the rule and try the same thing again :sweat_smile:

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.