Hi, I have a Wordpress site and I wish to block any URLs that contain wp-admin, but WP needs that /wp-admin/admin-ajax.php will be accessible to the site’s visitors.
I don’t wish to use the “CF Access” feature as I don’t wish to have a CF login page for the admin areas.
So, I think of using the “Lockdown Zone” feature this way:
1st/top rule - Allow all IPs access to /wp-admin/admin-ajax.php
2nd rule - Allow only my IP to access wp-admin and all other IPs will be blocked
I guess this should do the work, but what is still unknown to me, since I didn’t find any mention of it in the CF help, is which of the CF checks/defences will still be applied to any IP that is allowed to pass the Lockdown Zone, as I need to know that I don’t give everyone a “free ticket” to attack /wp-admin/admin-ajax.php
Anyone can tell me? or suggest a better idea to achieve this goal?