According to a https://wpwhitesecurity.com survey of 40,000+ WordPress websites in the Alexa Top 1 Million, more than 70% of WordPress installations are vulnerable to hacker attacks.
One of the quickest ways to protect your WordPress installation with StackPath is to restrict the wp-admin URL through a custom Path or IP address filter. A simple Edge Rule will accomplish this.
Blocking wp-admin access through your StackPath CDN URL
Use this section of the article if you are caching static assets. Please note that this will not block access to the wp-admin using your root domain.
- Log into the StackPath Control Panel
- Select Sites and then select Manage next to the site you wish to create the Edge Rule for
- Select CDN and choose EdgeRules
- Select Add New Rule and then + New Rule
- Set the Criteria and Features to match the following values
- Status Code = 403
- Conditional = $request_uri = RegEx (Case Insensitive) = \/(wp-admin)\/.*
Testing
To test this Edge Rule, use the following two curl examples. The results should match the examples below. Replace "cdn.domain.com" with your WordPress installation URL.
CURL example to an unprotected page
curl -I http://cdn.domain.com/
HTTP/1.1 200 OK
Date: Sun, 08 Mar 2015 18:22:50 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Cache-Control: private
Vary: Accept-Encoding
Server: NetDNA-cache/2.2
Link: ; rel="canonical"
X-Cache: HIT
CURL example to the protected wp-admin page
curl -I http://cdn.domain.com/wp-admin/
HTTP/1.1 403 Forbidden
Date: Sun, 08 Mar 2015 18:22:54 GMT
Content-Type: text/html
Content-Length: 168
Connection: keep-alive
Server: NetDNA-cache/2.2
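
To check more paths than the two above, the following added example (not part of the original article or StackPath's tooling) evaluates the rule's regex against several request URIs and compares the result with the status line of `curl -I` output. It assumes the rule matches anywhere in $request_uri (unanchored); the helper names and the abbreviated header samples are constructed for illustration.

```python
import re

# Regex from the Edge Rule above; "RegEx (Case Insensitive)" maps to re.IGNORECASE.
RULE = re.compile(r"\/(wp-admin)\/.*", re.IGNORECASE)

def rule_blocks(request_uri):
    """True if the rule should answer 403 (assumption: unanchored matching)."""
    return RULE.search(request_uri) is not None

def status_from_headers(raw):
    """Extract the status code from the first line of `curl -I` output."""
    lines = raw.strip().splitlines()
    m = re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})\b", lines[0]) if lines else None
    if m is None:
        raise ValueError("no HTTP status line found")
    return int(m.group(1))

def audit(observed):
    """Return the URIs whose observed status disagrees with the rule."""
    mismatches = []
    for uri, raw in observed.items():
        got_403 = status_from_headers(raw) == 403
        if got_403 != rule_blocks(uri):
            mismatches.append(uri)
    return mismatches

# Constructed sample: abbreviated `curl -I` output in the shape shown on this page.
OBSERVED = {
    "/": "HTTP/1.1 200 OK\r\nServer: NetDNA-cache/2.2\r\nX-Cache: HIT\r\n",
    "/wp-admin/": "HTTP/1.1 403 Forbidden\r\nServer: NetDNA-cache/2.2\r\n",
    "/WP-Admin/index.php": "HTTP/1.1 403 Forbidden\r\nServer: NetDNA-cache/2.2\r\n",
}

# Paths worth including in a test run, with what the regex itself says about each.
COVERAGE = {uri: rule_blocks(uri) for uri in (
    "/wp-admin/", "/WP-ADMIN/options.php", "/wp-admin/admin-ajax.php",
    "/wp-admin",        # no trailing slash: the pattern requires one
    "/wp-login.php",    # the login page lives outside /wp-admin/
)}

if __name__ == "__main__":
    for uri, blocked in COVERAGE.items():
        print(f"{'403' if blocked else 'pass':4} {uri}")
    print("mismatches:", audit(OBSERVED))
```

To audit a live site, replace the values in OBSERVED with the real `curl -I` output for each path; any URI returned by audit() is one where the CDN's response and the rule disagree.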