Blocked wp-admin and can't allow my ip address

I blocked access to my website’s wp-admin,wp-login, etc on Cloudflare’s WAF rules and want to exclude myself from being blocked as well.

Allowing my IP Address won’t work because my ipaddress changes everytime I restart/close my router and I do that almost daily. So is there another way to only allow myself to open those pages?


Thank you for asking.

I’d just like to add, blocking anything inside “wp-admin” for end-visitor might result in some issues with theme and plugins for normal website visitors as far as some are using scripts and similar stuff from “wp-admin” folder.

Also, you might be blocking a WP cron like that. Kindly, check on the Security tab → Firewall overview for any of the possible Firewall events being challenged or blocked for your web hosting / server IP.
If you experience that, I’d suggest you to whitelist the origin host/server IP at Cloudflare → Security → Tools → IP Access Rules with the action “allow”.

You’d want to create a Firewall Rule with a JS Challenge or Managed Challenge for like, if URI path contains wp-login.php.

Otherwise, there are few topics around about the similar thing to protect WordPress, but still being able to login yourself in using a method with Cloudflare Access / Teams.

I’d suggest you to use a search :search: button to find more on how to configure that kind of setup. Or, below article could help you:

Using Cloudflare Access / Teams, this can be done, and I know enough people already using it and working fine :wink:

Furthermore, regarding WordPress Security & Cloudflare, below might be of help:

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.