Technical Tip: How to block websites that are using WordPress

1. To block websites that are using WordPress to keep users from getting malware from a poorly configured website.
2.  For this, use the Content filter under any web filter profile: Technical Tip: FortiGate configure web filter cont... - Fortinet Community
3.  In a page made with WordPress, a /wp-content/ and a /wp-admin/ reference are visible. There are a lot of frameworks and JavaScript tells in a WordPress website. It is possible to see them by 'right-clicking' on web site and then selecting the view page sources.

4. After the references are known on the website, it is possible to make a wild card for those references on the web filter content and block them.

5. Then use the web filter profile on the policy, make sure the policy is in proxy mode, and also use deep packet inspection to make it work efficiently.

6. If deep packet inspection is used, the deep packet inspection certificate should be installed on the user browser. It will then, be possible to browse: Technical Tip: How to enable deep inspection and i... - Fortinet Community
7.  After this, if the website is checked again, the  page is blocked.

8. Make sure to block the Quic protocol because it is not supported by Deep packet inspection. Make the policy for blocking UDP 443 and put that policy on the top: Technical Tip : How to block/disable QUIC - Fortinet Community

Make sure all these steps are correct and if still does not work, contact Fortinet Support:

https://support.fortinet.com/welcome/#/