WordPress Security: Cloudflare (Layer One)

[ad_1]

Cloudflare > Security > WAF > Custom Rules: This ruleset covers a lot for WordPress, and you could also add contains "password" & "login" as an extra precaution if you use password protected pages or other login URLs

https://preview.redd.it/6v7zq27z60pd1.png?width=1904&format=png&auto=webp&s=3d30b08635381cf4aefc4607f680011a458195dd

https://preview.redd.it/gi849ajz60pd1.png?width=661&format=png&auto=webp&s=20e05e9e8525cf6a11fbe3353bd7d2efaecc5319

Sever Firewall Rules: Allow Cloudflare Proxy IPs Only, No Direct IP Access. This forces everyone to use URL/Domain name, and won't allow them to bypass Cloudflare if they have the server IP.

Remember, this is only one of three layers of security. You will need an application-level security for WordPress, like WordFence, to handle anything that gets passed Cloudflare. For me, it's critical to use CF, because they probably have the largest IP pool of bad actors, and will get even stronger with more users pooling bad actor data.

[ad_2]
1 Comment

 

This site will teach you how to build a WordPress website for beginners. We will cover everything from installing WordPress to adding pages, posts, and images to your site. You will learn how to customize your site with themes and plugins, as well as how to market your site online.

Buy WordPress Transfer