[ad_1]
I had to change several settings to get WordPress mobile app to work.
Currently, I can only use the WordPress app over VPN. Accessing either outside my home office shows a Blocked page from Cloudflare.
In Cloudflare, I created two rules – 1) to block wp-login except for my home office IP and the server itself for public loopback, and 2) block xmlrpc.php the same way.
In Wordfence, I had to allow application passwords, allow xmlrpc.php, and disable 2A for xmlrpc.php.
Since only the server itself and my home office can access wp-login.php and xmlrpc.php, are the wordfence settings going to cause any other issues regarding protecting my site?
My concern is allowing the public loopback which seems to be required for Wordfence to scan itself.
[ad_2]