Forum Discussion

DarkSideOfTheQ_
Jan 18, 2017

Wordpress admin and ASM

Is anyone out there able to implement ASM protection for WordPress admin access successfully? I'm new to the ASM component and having a heck of a time trying to get our policies tuned so some of our editors do not trigger a block. What we see is them browsing the site(s), moderating/editing posts making numerous js/css/image/ajax requests. They seem to be triggering the webscraping mechanism, more specifically the 'Session Transaction Anomaly', which we've increased from the default value of 400 up to 600. These editors are internal and external, so whitelisting them by IP isn't really an option. We've also created some rules to disable ASM/DOS protection based off certain criteria, URI contains /wp-admin.php/edit.php/.js/.gif/.jpg/.css again...no luck.

I'd hate to simply disable webscraping altogether, and I'm hoping someone might have some experience dealing with WordPress and the ASM protections or perhaps some general insights.

TIA

1 Reply

  • I assume that in your case WordPress is used as a Content Management System, so only authorised users can log in rather than members of the public. If you have granted a user an Admin or Editor permission, then he/she is not going to scrape the site.

    You can then exclude /wp-admin/ from the WebScraping policy.

    Unauthorised users and scrapers will only hit the login screen when trying to get any URL under /wp-admin/ and won't be able to log into the WordPress Admin, so there is nothing to scrape there apart from the login form.

    The scrapers will be after your public content, which will be on the main website URLs and the /wp-content/ path.

    Generally speaking, any CMS system is a headache for ASM Administrators as it requires very careful and precise policy tuning.
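
Added example, not part of the thread and not F5 code: a small Python model of the tuning decision discussed above, counting transactions per session with and without the /wp-admin/ path. It assumes a plain per-session request count compared against the 600 value quoted in the question (a simplification, not ASM's actual detection logic), and the sessions and paths are constructed sample data.

```python
from collections import Counter

ADMIN_PREFIX = "/wp-admin/"   # path the reply proposes excluding
THRESHOLD = 600               # per-session value quoted in the question


def constructed_requests():
    """Constructed (session_id, path) pairs standing in for a parsed access log."""
    reqs = []
    # Editor: heavy admin-area traffic (AJAX, script loaders) plus some previews.
    for i in range(650):
        page = ("admin-ajax.php", "load-scripts.php", "post.php")[i % 3]
        reqs.append(("editor-1", ADMIN_PREFIX + page))
    reqs += [("editor-1", f"/?p={i}&preview=true") for i in range(30)]
    # Scraper: walks public posts and uploads, and also requests the admin path.
    reqs += [("scraper-1", f"/2017/01/post-{i}/") for i in range(700)]
    reqs += [("scraper-1", f"/wp-content/uploads/img-{i}.jpg") for i in range(200)]
    reqs += [("scraper-1", ADMIN_PREFIX) for _ in range(50)]
    # Ordinary visitor.
    reqs += [("visitor-1", f"/2017/01/post-{i}/") for i in range(40)]
    return reqs


def counted_transactions(requests, exclude_admin):
    """Count requests per session, optionally ignoring the admin path."""
    counts = Counter()
    for session_id, path in requests:
        if exclude_admin and path.startswith(ADMIN_PREFIX):
            continue
        counts[session_id] += 1
    return counts


def flagged_sessions(requests, threshold=THRESHOLD, exclude_admin=False):
    """Sessions whose counted transactions exceed the threshold."""
    counts = counted_transactions(requests, exclude_admin)
    return sorted(s for s, n in counts.items() if n > threshold)


if __name__ == "__main__":
    reqs = constructed_requests()
    print("all paths counted:  ", flagged_sessions(reqs))
    print("/wp-admin/ excluded:", flagged_sessions(reqs, exclude_admin=True))
```

Running the same count over real access logs, keyed on the session cookie, shows how many editor sessions a given threshold would catch before and after the exclusion.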