Am I getting attack?

Am I getting attack? If so, how do I block them that they can’t get access to my wp files?

Provide me a firewall rule…

C2F10vZL720×1440 131 KB

The resources that are being requested does not seem to me that it is actually an attack. Rather the normal requests to the CSS, JS or image resources.
But, why they are listed at your Firewall events?
Maybe due to some blockage, or an option like “Hotlink protection” being enabled?
Could be I am wrong about it.

Well, despite the fact that either here on the CF community or using Google you can find them, I can but that rule would apply only for .php files under /wp-content/ path, and not for CSS, JS and other MIME file type.

Example:

• https://www.kazimer.com/how-to-protect-wordpress-with-Cloudflare-firewall-rules/

By having the IP address, you can manually add it to your Firewall rule or IP access rule with action “block” to make sure the requests comming from it would not get your resources loaded.

But, you would still see these Firewall events being logged/shown up here as being tirggered.

If interested, below is an article how to use Cloudflare Firewall Rules:

• About Cloudflare Firewall Rules · Cloudflare Firewall Rules (deprecated) docs

• https://support.cloudflare.com/hc/en-us/articles/360016473712-Cloudflare-Firewall-Rules

How can I remove CSS, JS or image resources from the Firewall events?

May I ask what Firewall rule(s) do you trigger for them? Why do they get shown up?