According to a survey by https://wpwhitesecurity.com of 40,000+ WordPress websites in the Alexa Top 1 Million, more than 70% of WordPress installations are vulnerable to hacker attacks.
One of the quickest ways to protect your WordPress installation with StackPath is to restrict access to the wp-admin URL with a custom path or IP address filter. A simple rule accomplishes this.
Skill Level: Easy (one-line directives, no complex configuration)
Time Required: 5 minutes
Tools Required: EdgeRules
Edge Rule Setup
- Log into the StackPath Control Panel
- Select Sites and then select Manage next to the site where you want to create the rule
- Select CDN and choose EdgeRules
- Select Add New Rule and then + New Rule
- Set the Criteria and Features as follows:
  - Status Code = 403
  - Conditional = $request_uri = RegEx (Case Insensitive) = \/(wp-admin)\/.*
To test this rule, use the following two curl examples. The results should match the output shown. Replace "cdn.domain.com" with your WordPress installation URL.
curl example to an unprotected page
curl -I http://cdn.domain.com/
HTTP/1.1 200 OK
Date: Sun, 08 Mar 2015 18:22:50 GMT
Link: ; rel="canonical"
curl example to the protected wp-admin page
curl -I http://cdn.domain.com/wp-admin/
HTTP/1.1 403 Forbidden
Date: Sun, 08 Mar 2015 18:22:54 GMT
Connection: keep-alive
Server: NetDNA-cache/2.2
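
The two curl checks above can be scripted so they are repeatable after every rule change. This is an added example, not StackPath's own tooling: the function names and the extra mixed-case path are assumptions chosen for illustration, and the expected status codes are the ones shown on this page.

```shell
#!/bin/sh
# Added example (not StackPath tooling): re-run the page's two curl checks
# and one mixed-case request, and report any unexpected status code.

# Only function that touches the network; -s silences progress, -I sends HEAD.
fetch_headers() {
    curl -sI --max-time 10 "$1"
}

# Print the status code of the last status line in a header dump.
# CRs are stripped so "HTTP/2 200\r" parses the same as "HTTP/1.1 200 OK\r".
status_of() {
    printf '%s\n' "$1" | tr -d '\r' |
        awk '/^HTTP\// { code = $2 } END { print code }'
}

# check_path BASE PATH EXPECTED: prints PASS/FAIL, returns 0 on match.
check_path() {
    hdrs=$(fetch_headers "$1$2") || hdrs=""
    got=$(status_of "$hdrs")
    if [ "$got" = "$3" ]; then
        echo "PASS $2 -> $got"
        return 0
    fi
    echo "FAIL $2 -> ${got:-no response} (expected $3)"
    return 1
}

# verify_rule BASE: non-zero exit if any path behaves unexpectedly.
verify_rule() {
    rc=0
    check_path "$1" "/" 200 || rc=1                    # public page stays reachable
    check_path "$1" "/wp-admin/" 403 || rc=1           # rule blocks the admin area
    check_path "$1" "/WP-ADMIN/index.php" 403 || rc=1  # match is case-insensitive
    return $rc
}

# Run against a site when a base URL is given, e.g. http://cdn.domain.com
if [ $# -gt 0 ]; then
    verify_rule "$1"
fi
```

A non-zero exit status means at least one path returned something other than the expected code, which makes the script usable as a post-deployment check.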