Cloudflare an protected folders

Hi there,
i am using ubuntu 20.04 and ispconfig 3 and the newest wordpress version
I want to protect the folder wp-admin with a password.
On a domain without cloudflare its no problem and its working but when i use cloudflare with a domain there is no effect of the protected folder and i am not asked to put a password.

Is there a known problem or a solution for that?
thanks for your help

That will interfere with admin-ajax.

What is it you’re trying to protect against?

Hi, thanks for your answer.
i want to protect the wp-admin folder to secure the access to the wp-admin folder. additional i use wp-hide-login

wp-admin doesn’t do any good unless someone is logged in. If wp-login is protected, that’s good enough.

1 Like

As sdayman pointed out, there’s not much point into protecting the folder as no one can do anything with it unless they know the credentials to login.
If you still want to protect it though, you can setup Cloudflare Access, and protect the wp-admin path in a new Access application (use self-hosted).

thanks a lot for your kind answers
should i protect wp-admin or wp-login better?

Once again, you really don’t need to protect any of them, there’s just the facility to do so. It should be Wordpress’ job to make sure that no one can change your website’s contents.

I use Access to protect wp-login. This stops bots from constantly attacking my site’s login page.

My two policies:

  1. Bypass for home IP addresses
  2. Allow for certain email addresses