AFD WAF Managed Rules DRS 2.1 blocks WordPress. The below WP* custom rules let you access WordPress URLs that you need. I also implemented a rate-limiting rule to prevent brute force attacks.
The WP* rules are based on the OWASP CRS - WordPress Rule Exclusions Plugin rules
- AFD Premuim supports max 5 (!) regex, so I had to convert the regex rules to separate rules.