How To Protect WordPress with CloudFlare Firewall & Page Rules

Cloudflare allows adding Firewall & Page Rules to your site, the options are included in free accounts as well. With these rules, you can help protect your WordPress installation against common attacks for both known and undisclosed vulnerabilities.

Protect Your Web Application using Cloudflare Page Rules

Page Rules are useful to add custom settings to certain web paths, for example, you may wish to set higher security on your application login page.

First, log in to your Cloudflare account, then click the Page Rules button in the toolbar at the top of the page.

In the Page Rules section at the top of the page content, click the Create Page Rule button and add the 2 rules with below configurations.

LOGIN PROTECTION RULE

URL: https://www.examples.com/wp-login.php

Page Rule Settings:

  • Browser Integrity Check: On
  • Security Level: I’m Under Attack
  • Cache Level: Bypass

ADMIN PROTECTION RULE

URL: https://www.examples.com/wp-admin/*

Page Rule Settings:

  • Browser Integrity Check: On
  • Security Level: High
  • Cache Level: Bypass

Protect Your Web Application using Cloudflare Firewall Rules

Now click on the Firewall button in the toolbar at the top of the page.

XMLRPC PROTECTION RULE

Next, in the Firewall Rules section at the top of the page content, click the Create a Firewall Rule button.

Your rule form should look like this:

NOTE: You shouldn’t use this rule on your site if you are using ping or any similar service involving xmlrpc.php

Let us know in the comments section if the guide was helpful or not.

Leave a Reply

Your email address will not be published.