Does anyone know if you can set a custom rule to block login attempts to wp-login.php on the ‘admin’ account? (I never use admin as login for my Wordpress sites)
SecRule REQUEST_FILENAME "@contains /wp-login.php" \
"phase:2, \
id:112222, \
msg:'COMODO WAF: Custom rule for block login attempts to wp-login.php on the admin account for WordPress', \
log,deny,status:403, \
t:none, t:urlDecodeUni, t:normalisePath, t:lowercase, chain"
SecRule ARGS_POST:log "@streq admin" \
"t:none, t:lowercase"