I’d just like to add, blocking anything inside “wp-admin” for end-visitor might result in some issues with theme and plugins for normal website visitors as far as some are using scripts and similar stuff from “wp-admin” folder.
Also, you might be blocking a WP cron like that. Kindly, check on the Security tab → Firewall overview for any of the possible Firewall events being challenged or blocked for your web hosting / server IP.
If you experience that, I’d suggest you to whitelist the origin host/server IP at Cloudflare → Security → Tools → IP Access Rules with the action “allow”.
You’d want to create a Firewall Rule with a JS Challenge or Managed Challenge for like, if URI path contains wp-login.php.
Otherwise, there are few topics around about the similar thing to protect WordPress, but still being able to login yourself in using a method with Cloudflare Access / Teams.
I’d suggest you to use a search button to find more on how to configure that kind of setup. Or, below article could help you:
Using Cloudflare Access / Teams, this can be done, and I know enough people already using it and working fine
Furthermore, regarding WordPress Security & Cloudflare, below might be of help: