diff --git a/plugins/wordpress-rule-exclusions-before.conf b/plugins/wordpress-rule-exclusions-before.conf
index 7b307ea..48257d2 100644
--- a/plugins/wordpress-rule-exclusions-before.conf
+++ b/plugins/wordpress-rule-exclusions-before.conf
@@ -70,7 +70,7 @@ SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:pass2"
 
 # User Login
-SecRule REQUEST_FILENAME "@streq /wp-admin/admin-ajax.php" \
+SecRule REQUEST_FILENAME "@endsWith /wp-admin/admin-ajax.php" \
 "id:9507121,\
 phase:1,\
 pass,\
@@ -144,17 +144,17 @@ SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/(?:posts|pages|templates)" \
 # Gutenberg via rest_route for sites without pretty permalinks
 SecRule REQUEST_FILENAME "@endsWith /index.php" \
 "id:9507141,\
- phase:1,\
+ phase:2,\
 pass,\
 t:none,\
 nolog,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1',\
 chain"
- SecRule &ARGS_GET:rest_route "@eq 1" \
+ SecRule &ARGS:rest_route "@eq 1" \
 "t:none,\
 nolog,\
 chain"
- SecRule ARGS_GET:rest_route "@rx ^/wp/v[0-9]+/(?:posts|pages|widget-types|tags|templates|users)" \
+ SecRule ARGS:rest_route "@rx ^/wp/v[0-9]+/(?:posts|pages|widget-types|tags|templates|users)" \
 "t:none,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:content,\
 ctl:ruleRemoveTargetByTag=OWASP_CRS;ARGS:json.content,\
@@ -181,17 +181,17 @@ SecRule REQUEST_FILENAME "@rx /wp-json/wp/v[0-9]+/media" \
 # Gutenberg upload image/media via rest_route for sites without pretty permalinks
 SecRule REQUEST_FILENAME "@endsWith /index.php" \
 "id:9507143,\
- phase:1,\
+ phase:2,\
 pass,\
 t:none,\
 nolog,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1',\
 chain"
- SecRule &ARGS_GET:rest_route "@eq 1" \
+ SecRule &ARGS:rest_route "@eq 1" \
 "t:none,\
 nolog,\
 chain"
- SecRule ARGS_GET:rest_route "@rx ^/wp/v[0-9]+/media" \
+ SecRule ARGS:rest_route "@rx ^/wp/v[0-9]+/media" \
 "t:none,\
 ctl:ruleRemoveById=200002,\
 ctl:ruleRemoveById=200004"
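Review bot: The `@endsWith /wp-admin/admin-ajax.php` match on rule 9507121 now applies the rule's exclusions to any request whose filename merely ends with that string, not only the site-root path the old `@streq` accepted, so a path like `/other-app/wp-admin/admin-ajax.php` on the same vhost would receive them too. That is presumably intended for subdirectory installs and is consistent with the `@endsWith /wp-login.php` rule visible in the hunk header, but the widened scope is worth recording in the comment, e.g. `# User Login (matched with @endsWith so subdirectory installs are covered; the exclusions apply to every path ending in /wp-admin/admin-ajax.php)`. The rule's action list continues outside the hunk.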
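Review bot: Rule 9507141 keeps `ver:'wordpress-rule-exclusions-plugin/1.0.1'` although both its phase and its target (ARGS_GET to ARGS) change; if that version string is meant to track rule revisions it should be raised here and in rule 9507143 in the following hunk, which makes the same change. Moving the chain to phase:2 also means its `ctl:ruleRemoveTargetByTag` actions no longer reach any CRS rule that runs in phase 1, because those have already been evaluated by the time the chain fires; presumably no phase-1 rule inspects ARGS:content, but that is worth confirming before relying on it. The reason for the phase change, presumably that rest_route may arrive in the request body and is only visible from phase 2, should be stated in the comment, e.g. `# Gutenberg via rest_route for sites without pretty permalinks (phase 2 and ARGS so that rest_route sent in the request body is also recognised)`. The last chained rule's action list continues outside the hunk.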
@@ -323,7 +323,7 @@ SecRule ARGS:wp_customize "@streq on" \
 nolog,\
 ver:'wordpress-rule-exclusions-plugin/1.0.1',\
 chain"
- SecRule ARGS:action "@rx ^(?:|customize_save|update-widget)$" \
+ SecRule ARGS:action "@rx ^(?:customize_save|update-widget)$" \
 "t:none,\
 chain"
 SecRule &ARGS:action "@eq 1" \
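Review bot: The tightened `^(?:customize_save|update-widget)$` still ends in `$`, which in PCRE also matches before a trailing newline, so an `action` value carrying a final newline would still satisfy the check even though WordPress would not treat it as one of those two actions; `\z` pins the true end of the value: `SecRule ARGS:action "@rx ^(?:customize_save|update-widget)\z" \`. Dropping the empty alternative means a request with an empty `action` no longer receives the exclusion, which deserves a comment above the chain so the next maintainer does not restore it, e.g. `# only customize_save and update-widget need the exclusion; an empty action is deliberately not matched`. The chain's remaining links and its ctl actions lie outside the hunk.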