WAF rule for filtering out a bunch of wordpress requests. Kind of simple but it does the job. Also nukes anything that ends with php.
socksthewolf.com
Wordpress.waf
1(http.request.uri contains "wordpress") or (http.request.uri contains "wp-") or (ends_with(http.request.uri, ".php")) or (http.request.uri contains "wp-login") or (http.request.uri.path wildcard r"*blog*") or (http.request.uri contains "WordPress") or (starts_with(http.request.uri.path, "/wp"))