Can Someone By Pass Cloudflare to Access My Website

Hi Everyone,
I am a newbies in the world of WWW. I am having following issue.
My website is getting traffic that is not present in Cloudflare security events log. The log of Wordfence, a WordPress security plugin, shows that on 19-11-2023 at 10:30:23 PM an IP address (a Bot) accessed my website which is not appearing in Cloudflare’s security events log. Wordfence blocked it. This IP address had 92 hits on my website from 10:29:40 PM to 10:30:23 PM i.e. in 43 seconds. All the pages accessed were non-existent.
I think that Cloudflare’s security is bypassed to access my website directly.
Can someone please tell me what it actually is.
Looking forward.

In order to allow only Cloudflare to access your webserver, to prevent connections direct to your origin, you can:

  • set your firewall to only allow Cloudflare IP addresses to access port 80 and port 443
    IP Ranges


  • add a Cloudflare origin pull certificate to restrict access to Cloudflare accessing your webserver
  • add your own origin pull certificate to restrict access to Cloudflare using your domain to access your webserver
1 Like

Thanks’ for your reply.
Can you please guide me where to add the IP ranges.

Add them to your firewall or allowlist in your control panel (blocking everything else). If you can’t access that due to your hosting package or it isn’t offered, then one of the alternate solutions is needed.

1 Like

I am using Namecheap. Where to find the firewall in c-panel. Please guide.

You will need to ask Namecheap or cPanel for help. Cloudflare does not offer cPanel hosting and as such it is off-topic for discussion here. You may also want to seek assistance in a general webhosting or cPanel forum.

Namecheap refused to help on ip/firewall thing. They referred me to origin pull certificate thing to Cloudflare article mentioned above.

So it means you cant use SSL from cloudflare, as im having some sites there

But i think i m using cloudflare ssl on one of my site

I am also using SSL but they are not allowing to use firewall separately to allow traffic only from Cloudflare IPs.
Is there any wordpress plugin for this?
Please guide me.


This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.