Bad bots getting past my pagerules


#1

I use page rules to set my WordPress admin area and login screen to “I’m under attack” and “Browser integrity check”. This has always been effective at keeping bad bots away - until recently. Now bad bots are waltzing merrily past my precautions and attempting to log in, or creating bogus subscriber accounts. WP offers solutions for this but I would prefer to block bad bots at the CloudFlare level, not even let them onto my site. Any advice is greatly appreciated.


#2

If you only have a few user accounts, you can set up Access as a gateway.

First, though, are you sure those bots aren’t bypassing Cloudflare and hitting your server directly?


#3

Thank you sdayman for your prompt reply.

“First, though, are you sure those bots aren’t bypassing Cloudflare and hitting your server directly?”
Good point. Pretty sure at least some are coming through CloudFlare because they go away when I block the IP on CloudFlare. I have not checked all though. Possible some are hitting directly.

“If you only have a few user accounts, you can set up Access as a gateway.”
Is that available on the free tier, and if so where can I find information on it?

Again thanks. You provide a lot of help here - thanks for that as well.


#4

“Is that available on the free tier, and if so where can I find information on it?”
Sorry, I see you already provided a link. Thanks again.


#5

The first five Access users are free. Those would be people who receive a login PIN via email.

You can save some money by just “Bypassing” the Access firewall for specific IP addresses. So my home IP address is whitelisted, but if I’m away from home, it will email me a PIN.


#6

Very much appreciated sdayman. Stay awesome.