diff --git a/templates/nginx/common/wpcommon.conf b/templates/nginx/common/wpcommon.conf
index 2f38305..962f11b 100644
--- a/templates/nginx/common/wpcommon.conf
+++ b/templates/nginx/common/wpcommon.conf
@@ -3,17 +3,17 @@
 # Limit access to avoid brute force attack
 # https://baraktawily.blogspot.com/2018/02/how-to-dos-29-of-world-wide-websites.html
-location = /wp-admin/load-styles.php {
- limit_req zone=one burst=1 nodelay;
- include common/acl.conf;
- include fastcgi_params;
- fastcgi_pass php;
-}
-location = /wp-admin/load-scripts.php {
- limit_req zone=one burst=1 nodelay;
- include common/acl.conf;
- include fastcgi_params;
- fastcgi_pass php;
+location /wp-admin {
+ location ~ /wp-admin/admin-ajax.php$ {
+ include fastcgi_params;
+ fastcgi_pass php;
+ }
+ location ~* /wp-admin/.*\.php$ {
+ limit_req zone=one burst=5 nodelay;
+ include common/acl.conf;
+ include fastcgi_params;
+ fastcgi_pass php;
+ }
 }
 location = /wp-login.php {
 limit_req zone=one burst=1 nodelay;
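Review bot: The `admin-ajax.php` exemption in the new nested block is a regex that is not anchored at the start and does not escape its dot (`location ~ /wp-admin/admin-ajax.php$`), so any URI under `/wp-admin` that merely ends in that suffix skips both `limit_req` and `common/acl.conf`. Depending on how `SCRIPT_FILENAME` and path-info are set in `fastcgi_params` (not shown here), such a request could reach PHP-FPM without either control. If the intent is to exempt exactly one script, an exact match is tighter: `location = /wp-admin/admin-ajax.php {`, or at least `location ~ ^/wp-admin/admin-ajax\.php$ {`. Separately, `load-styles.php` and `load-scripts.php`, which the removed blocks held at `burst=1`, now fall under the generic rule with `burst=5`; if that loosening is not deliberate, keep a stricter location for those two files. The `wp-login.php` block at the end of the hunk continues outside it.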