How to setup Cloudflare Firewall to Protect your WordPress Site.

This entry is similar to Harden & Protect WordPress WP-Admin Using Cloudflare however as opposed to creating CloudFlare Page Rules to protect wp-admin we will create a firewall rule to do so. You can use this in tandem with the page rule to protect your WordPress wp-admin.

Prerequisites:

• You will need a WordPress Website.
• You will need to register and add your domain at Cloudflare.
• You will need access to your (existing) domain name providers DNS panel.
• You will need to change name servers with your (existing) domain name provider to Cloudflare.

Getting started:

1.) Begin by logging into CloudFlare and navigate to the site you wish to create a firewall rule for the clicking on firewall.

2.) Next we will need to create a new Cloudflare Firewall rule.

3.) Now we will need to name our Firewall Rule Harden wp-admin once that is complete click on Edit expression.

4.) Now we will write a rule that will run when incoming requests match the follow:

(http.request.uri.path contains "/wp-admin" and ip.geoip.country ne "US")

To explain this rule, it is basically has two parts. The first is if the URI path contains /wp-admin and the second says and the Country does not equal United States then Block.

5.) Now click Deploy:

Conclusion:

With this CloudFlare Firewall Rule we have now secured only traffic that is from the United States to /wp-admin all other traffic will be blocked. Keep in mind that if we wanted to we could restrict the IP in the expression to an IP address if we wanted to, but I think this rule certainly helps. Are you using any Cloudflare firewall rules? Share in the comments below what expressions you are using.