LC
[email protected]
Get in touch
Client login
text
Back to Snippets

Cloudflare WAF Rule for WordPress

Protect WordPress admin and login pages with Cloudflare WAF custom rules.

cloudflarewafwordpresssecurity

Block Access to Admin (except whitelisted IPs)

text
      Expression:
  (http.request.uri.path contains "/wp-admin"
   or http.request.uri.path contains "/wp-login.php")
  and not ip.src in {YOUR_IP}

Action: Block

Protect Backend and Frontend

text
      Expression:
  (http.request.uri.path contains "/wp-admin")
  or (http.request.uri.path contains "/wp-login.php")
  or (http.request.uri.path contains "/xmlrpc.php")

Action: Challenge (Managed Challenge)

Country Blocking

Block traffic from countries outside your target audience:

text
      Expression:
  not ip.geoip.country in {"US" "CA" "GB" "FR" "MA" "DE"}

Action: Challenge
← All Snippets