Wordpress admin and ASM
Is anyone out there able to implement ASM protection for Wordpress admin access sucessfully? I'm new to the ASM component and having a heck of a time trying to get our policies tuned so some of our editors do not trigger a block. What we see is them browsing the site(s), moderating/editing posts making numerous js/css/image/ajax requests. They seem to be triggering the webscraping mechanism, more specifically the 'Session Transaction Anomaly', which we've increased from the default value of 400 up to 600. These editors are internal and external, so whitelisting them by IP isn't really an option. We've also created some rules to disable ASM/DOS protection based off certain criteria, URI contains /wp-admin.php/edit.php/.js/.gif/.jpg/.css again...no luck.
I'd hate to simply disable webscraping altogether and hoping someone might have some experience dealing with Wordpress and the ASM protections or perhaps some general insights.
TIA