We are facing a weird issue and wanted to share with the community.
Our website is under a mild DDoS attack. The attacker is using a method that makes them seem like a valid user/viewer of the website, thus Cloudflare isn’t blocking the access.
The attacker is generating a high number of active users on the website, and since our server can’t process too many simultaneous connections, it causes a high CPU load and an outage.
At first we tried to use the panic mode of Cloudflare to mitigate the attack, but it didn’t work. So we turned off the CDN and used our own WAF, and with a couple of tweaks to the rate limit feature we stopped the attack.
However, whenever we turn on the CDN on Cloudflare, our server goes down. Checking the connections, we see that most of them are made by Cloudflare itself.
Now the only way to stop the attack is to rely only on our own WAF and miss out on Cloudflare’s CDN advantages.
I attached one hour of the attack on the website that our WAF blocked.
I am sorry to hear you are experiencing an issue with Web traffic.
Moreover, I’ve used a few setups with Wordfence + Cloudflare and it worked perfectly fine.
Firstly, may I ask a few questions so we could try to troubleshoot and help you here:
While using Wordfence and Cloudflare, did you configure your Wordfence settings to use “CF-Connecting-IP”?
Are your domain name’s DNS records at the DNS tab of the Cloudflare dashboard proxied and set to ? (A www, A domain.com, or maybe a CNAME type if using that kind of a setup)
Is Cloudflare allowed to connect to your origin host/server?
Have you implemented a way to Restore Original Visitor IP at your origin host/server?
Did you configure some Security options and Firewall Rules at the Cloudflare dashboard for protection? (for example, country restriction, wp-login protection and Rate-Limit, Bot Fight Mode, Security Level, Browser Integrity Check, etc.)
From what is stated above, it sounds to me like your origin host/server couldn’t handle so much web traffic. Are your PHP values tuned up a bit for WordPress?
Regarding the cache, may I ask if you are using some caching plugin for WordPress at your origin host/server? (A cache can help you with a lot of traffic, be it regular or suddenly spread at your website.)
Is Wordfence Firewall configured to “Enabled and protecting” mode or rather “Learning mode”?
Did you configure Wordfence security, firewall & blocking options?
May I ask which Cloudflare plan you are using for your own domain?
I have been using Cloudflare for a long time and on a lot of WordPress websites, even without using Wordfence, and I do believe it can stop a lot of “bad” and “unwanted things” in terms of traffic, at least from what I see per domain in my Firewall Events at the Cloudflare dashboard and in my monthly digest of blocked requests.
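Added example, not part of either post above and not Wordfence or Cloudflare code: a sketch of why an origin rate limiter that keys on the TCP peer sees "Cloudflare itself" once the proxy is on, and how keying on CF-Connecting-IP (accepted only from trusted proxy addresses) restores per-visitor limits. The proxy range, addresses, limits and function names are constructed assumptions; the real edge ranges must come from the CDN provider's published list.

```python
import ipaddress
from collections import defaultdict, deque

# Constructed stand-in (RFC 5737 documentation range) for the proxy's
# published edge ranges; load the real list from your CDN provider.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]

def client_ip(peer, headers):
    """Return the address to rate-limit on (hypothetical helper).

    CF-Connecting-IP is honoured only when the TCP peer is a trusted proxy;
    a direct connection that sends the header is keyed on its own address.
    `headers` is a plain dict, so the header name is matched case-sensitively.
    """
    peer_addr = ipaddress.ip_address(peer)
    if any(peer_addr in net for net in TRUSTED_PROXIES):
        try:
            return str(ipaddress.ip_address(headers.get("CF-Connecting-IP", "").strip()))
        except ValueError:
            pass  # missing or malformed header: fall back to the peer
    return str(peer_addr)

class RateLimiter:
    """Sliding window: at most `limit` requests per `window` seconds per key."""
    def __init__(self, limit, window):
        self.limit, self.window = limit, window
        self.hits = defaultdict(deque)

    def allow(self, key, now):
        q = self.hits[key]
        while q and now - q[0] >= self.window:
            q.popleft()  # drop hits that have left the window
        if len(q) >= self.limit:
            return False
        q.append(now)
        return True

def replay(requests, limit=3, window=10, restore_ip=True):
    """Replay (time, peer, headers) tuples; return the set of blocked keys."""
    rl, blocked = RateLimiter(limit, window), set()
    for t, peer, headers in requests:
        key = client_ip(peer, headers) if restore_ip else peer
        if not rl.allow(key, t):
            blocked.add(key)
    return blocked

# Constructed sample: one noisy visitor, then one normal visitor, both
# arriving through the same proxy edge address.
SAMPLE = [(t, "198.51.100.7", {"CF-Connecting-IP": "203.0.113.50"}) for t in range(6)]
SAMPLE.append((6, "198.51.100.7", {"CF-Connecting-IP": "192.0.2.10"}))
```

With `restore_ip=False` the only key that ever gets blocked is the proxy edge address, so every visitor behind it is throttled together; with the visitor IP restored, only the noisy address is.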