StackPath Support

EdgeRules Recipe: Block Access to WP-Admin

According to a https://wpwhitesecurity.com survey of 40,000+ WordPress websites in the Alexa Top 1 Million, more than 70% of WordPress installations are vulnerable to hacker attacks.

One of the quickest ways to protect your WordPress installation with StackPath is to restrict the wp-admin URL through a custom Path or IP address filter. A simple rule will accomplish this. 

Skill Level: Easy, one-line directives, no complex configuration

Time Required: 5 minutes

Tools Required: EdgeRules

Edge Rule Setup

  1. Log into the StackPath Control Panel
  2. Select Sites and then select Manage next to the site where you want to create the rule
  3. Select CDN and choose EdgeRules
  4. Select Add New Rule and then + New Rule
  5. Match the Criteria and Features to the following settings:
    • Status Code = 403
    • Conditional = $request_uri = RegEx (Case Insensitive) = \/(wp-admin)\/.*

Testing

To test this rule, use the following two curl examples. The results should match the examples below. Replace "cdn.domain.com" with your WordPress installation URL.

curl example to an unprotected page

curl -I http://cdn.domain.com/
HTTP/1.1 200 OK
Date: Sun, 08 Mar 2015 18:22:50 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Cache-Control: private
Vary: Accept-Encoding
Server: NetDNA-cache/2.2
Link: ; rel="canonical"
X-Cache: HIT

curl example to the protected wp-admin page

curl -I http://cdn.domain.com/wp-admin/
HTTP/1.1 403 Forbidden
Date: Sun, 08 Mar 2015 18:22:54 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
Server: NetDNA-cache/2.2
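
The two curl checks above can be extended into a small coverage test for the rule's regex. This script is an added example, not StackPath code: it predicts offline which request URIs the pattern matches and, when given a base URL, compares that prediction with the status codes curl -I receives. The function names and sample URIs are constructed for illustration, and it assumes the EdgeRules engine matches this pattern the same way grep -E does.

```shell
#!/bin/sh
# Added example (not StackPath code): check what the wp-admin EdgeRule covers.
# RULE_RE is the page's regex; the "\/" escapes are unnecessary in grep -E.
RULE_RE='/(wp-admin)/.*'

# Constructed sample request URIs, one per line.
SAMPLE_URIS='/
/wp-admin/
/WP-Admin/index.php
/wp-admin
/wp-login.php
/wp-admin/admin-ajax.php
/blog/wp-admin/'

# rule_blocks URI -> exit 0 if the case-insensitive regex matches the URI.
rule_blocks() {
    printf '%s\n' "$1" | grep -Eiq "$RULE_RE"
}

# predicted_blocked -> print the sample URIs the regex matches (offline).
predicted_blocked() {
    for uri in $SAMPLE_URIS; do
        if rule_blocks "$uri"; then printf '%s\n' "$uri"; fi
    done
}

# check_site BASE_URL -> send curl -I to each sample URI and compare the
# edge's answer (403 or not) with the prediction; non-zero on any mismatch.
check_site() {
    base=$1
    rc=0
    for uri in $SAMPLE_URIS; do
        code=$(curl -s -o /dev/null -I -w '%{http_code}' "$base$uri")
        if rule_blocks "$uri"; then want=403; else want=not-403; fi
        if [ "$code" = 403 ]; then got=403; else got=not-403; fi
        [ "$want" = "$got" ] || rc=1
        printf '%-28s predicted=%-8s status=%s\n' "$uri" "$want" "$code"
    done
    return "$rc"
}

# Usage: sh check_wp_admin_rule.sh http://cdn.domain.com
if [ "$#" -gt 0 ]; then
    check_site "$1"
fi
```

The prediction shows that the pattern does not match /wp-admin without a trailing slash or /wp-login.php, and that it does match /wp-admin/admin-ajax.php, which some front-end plugins call.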
