Disable our WP-related custom modsec rules, CRS has better ones

conf/modsecurity/crs/REQUEST-900-EXCLUSION-RULES-BEFORE-CRS.conf

 # Do not inspect the 'pwd' arg of wp-login.php requests (disable all
 # CRS rules).
-SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
-    "id:1000,\
-    phase:2,\
+#
+# Already included in the set of exceptions when tx.crs_exclusions_wordpress=1
+# is set in crs-setup.conf.
+#SecRule REQUEST_FILENAME "@endsWith /wp-login.php" \
+#    "id:1000,\
+#    phase:2,\
+#    pass,\
+#    nolog,\
+#    ctl:ruleRemoveTargetByTag=CRS;ARGS:pwd"
+
+SecRule REQUEST_URI "@beginsWith /wp-admin/site-health.php" \
+    "id:1001,\
     pass,\
     nolog,\
-    ctl:ruleRemoveTargetByTag=CRS;ARGS:pwd"
+    ctl:ruleEngine=Off"

conf/modsecurity/local.conf

 # Uncomment the following line to enable enforcement. By default,
 # mod_security runs in DetectionOnly mode.
 SecRuleEngine On
-SecRule REQUEST_URI "@beginsWith /wp-admin/post.php" "id:1,ctl:ruleEngine=Off"
-SecRule REQUEST_URI "@beginsWith /wp-admin/admin-ajax.php" "id:2,ctl:ruleEngine=Off"
-SecRule REQUEST_URI "@beginsWith /wp-admin/themes.php" "id:3,ctl:ruleEngine=Off"
-SecRule REQUEST_URI "@beginsWith /wp-admin/admin.php" "id:4,ctl:ruleEngine=Off"
-SecRule REQUEST_URI "@beginsWith /wp-admin/site-health.php" "id:5,ctl:ruleEngine=Off"
 
 # Allow large request bodies (this should be the
 # default, but something overrides it?)