Can Cloudflare replace Wordfence WordPress plugin?

Recently, I’ve been trying to replace plugins with services not on the same server.

Can the WordPress WordFence plugin be replaced by Cloudflare?

Has anyone tried this?

How has it worked?


In my opinion you should have both Cloudflare WAF and a local firewall.

You can check your past logs from Wordfence to see what are the most common attacks aimed at your site, and create/adjust Custom Rules in Cloudflare WAF so that malicious requests are blocked at the cloud and relieve your server of the duty. If you do this regularly, you’ll notice a diminished activity on your Wordfence logs as time goes by.

Still, there’ll always be cases where a local firewall IMHO is better suited to face the challenge. Cloudflare WAF does not know which theme/plugins you have installed Some WAF rules may result in many false positives depending on the plugins on your installation, and you may end up having to disable them. Also, there might be the rare occasions when we need to pause Cloudflare in order to investigate some technical issue, in which case it’s a better practice to have the local firewall previously active, as you don’t want to count on your memory for that.