the web gui would not be open to the public wan IP.. You should not need a specific rule! By default ALL unsolicited traffic to wan is blocked by default.
You sure your accessing it via wan and not the lan?
How do you have your pfsense setup in your network.. Is the wan on the public NET!! or is it behind a nat already? On a work call currently, but as soon as finishes will take a look at the pfsense config to allow it to happen.
Also what version are you running? 2.0.2, 2.1? 2.0.3 ?
I just checked mine and its not open to public - are you accessing it via a nat reflection or something. Since you have changed the port, have you check the Disable webConfigurator redirect rule
option the advanced settings.
What I think could be happening is you have the antilockout rule running on your lan. and then hitting it maybe via nat reflection?
BTW: Such a question is better suited for the pfsense forums, very responsive people there! Me being one of them
Just use a different nick there.