Cloudflare lets you add Firewall Rules and Page Rules to your site, and both options are included in free accounts as well. With these rules, you can help protect your WordPress installation against common attacks on both known and undisclosed vulnerabilities.
Protect Your Web Application using Cloudflare Page Rules
Page Rules are useful for applying custom settings to certain web paths. For example, you may wish to set higher security on your application login page.
First, log in to your Cloudflare account, then click the Page Rules button in the toolbar at the top of the page.

In the Page Rules section at the top of the page content, click the Create Page Rule button and add the two rules with the configurations below.
LOGIN PROTECTION RULE

URL: https://www.examples.com/wp-login.php
Page Rule Settings:
- Browser Integrity Check: On
- Security Level: I’m Under Attack
- Cache Level: Bypass
ADMIN PROTECTION RULE
URL: https://www.examples.com/wp-admin/*
Page Rule Settings:
- Browser Integrity Check: On
- Security Level: High
- Cache Level: Bypass
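
Before relying on the two rules above, it helps to check which request URLs their patterns actually cover. The following is an added example, not part of the original guide or of Cloudflare's tooling: it models Page Rule matching under stated assumptions (`*` matches any run of characters, everything else is literal and matched against the full URL including the query string, a pattern without a scheme matches both http and https, and only the first matching rule applies). The sample URLs are constructed for the guide's placeholder host.

```python
import re

# The two Page Rules from this guide, in priority order (first match wins).
PAGE_RULES = [
    ("LOGIN PROTECTION RULE", "https://www.examples.com/wp-login.php"),
    ("ADMIN PROTECTION RULE", "https://www.examples.com/wp-admin/*"),
]


def pattern_to_regex(pattern):
    """Translate a Page Rule URL pattern into an anchored regex.

    Assumed model: '*' matches any run of characters (including none),
    all other characters are literal, and a pattern written without a
    scheme matches both http:// and https://.
    """
    body = ".*".join(re.escape(part) for part in pattern.split("*"))
    if "://" not in pattern:
        body = r"https?://" + body
    return re.compile(r"\A" + body + r"\Z")


def matching_rule(url, rules=PAGE_RULES):
    """Return the name of the first rule whose pattern covers url, else None."""
    for name, pattern in rules:
        if pattern_to_regex(pattern).match(url):
            return name
    return None


def coverage_report(urls, rules=PAGE_RULES):
    """Map each URL to the rule covering it (None = no Page Rule applies)."""
    return {url: matching_rule(url, rules) for url in urls}


# Constructed sample URLs: the exact targets plus common variants.
SAMPLE_URLS = [
    "https://www.examples.com/wp-login.php",
    "https://www.examples.com/wp-login.php?action=lostpassword",
    "http://www.examples.com/wp-login.php",
    "https://examples.com/wp-login.php",
    "https://www.examples.com/wp-admin/",
    "https://www.examples.com/wp-admin/admin-ajax.php",
    "https://www.examples.com/wp-admin",
]

if __name__ == "__main__":
    for url, rule in coverage_report(SAMPLE_URLS).items():
        print(f"{rule or 'NOT COVERED':<22} {url}")
```

Any URL reported as NOT COVERED gets the zone's default settings rather than the rule's; passing a different `rules` list to `coverage_report` lets you test a candidate pattern before saving it.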

Protect Your Web Application using Cloudflare Firewall Rules
Now click on the Firewall button in the toolbar at the top of the page.

XMLRPC PROTECTION RULE
Next, in the Firewall Rules section at the top of the page content, click the Create a Firewall Rule button.

Your rule form should look like this:

NOTE: You shouldn’t use this rule on your site if you are using ping or any similar service involving xmlrpc.php.
Let us know in the comments section if the guide was helpful or not.