Cloudflare lets through a lot of bad traffic blocked by Wordfence... Why?

Hi there,

We’ve recently moved our website to Rocket, which includes Cloudflare Enterprise. We very happy with the CDN and overall performance, but we’re wondering about the WAF.

Cloudflare has been confirmed as enabled on our website by Rocket support, but Wordfence is still blocking a lot of bad traffic.

We’re wondering how this is possible, given that Cloudflare is supposed block bad traffic BEFORE it reaches our website, and Wordfence isn’t like Sucuri, it has no way to stop the traffic before Cloudflare does so.

I’d love to understand better how this is possible, as we’ve been advised that we could switch Wordfence off, but until we see this bad traffic disappear, we’re not willing to take the risk.

Thanks!

It sounds like Cloudflare’s WAF settings are not fully optimized. We recommend reading through our documentation for more details on different rules you can implement.

Thanks, but on Rocket the user has no access to Cloudflare settings. You can’t install the generic plugin, it doesn’t work with the Enterprise version installed in the Rocket stack. I was told by Rocket support that Cloudflare could only be managed by them.

Then I would reach out to them with this question to see what settings they have set up or enabled for you.

Thanks, but my understanding is that even if I was able to add some IPs to a blocked list, Cloudflare doesn’t have the real-time blocked list that Wordfence has, so I think I’m going to keep Wordfence enabled. I’ve already had that discussion with Rocket support and they would have said if there was any options to play with.

I’m not sure what you mean by this. We do have security events that shows your blocked traffic:

However it sounds like only Rocket has access to the Cloudflare dashboard with this information

There is definitely a lot of options, (again, check out the documentation for details) but if your current set up is working for you, then great! Otherwise you’ll have to reach out to Rocket for specific changes you want made to your Cloudflare WAF

Thanks again. I wasn’t talking about event logs, I was talking about real-time IP blocks. I’m not allowed to post links, but if you google " Wordfence Launches Real-Time IP blocklist for Premium Customers" you’ll see what I mean. My understanding is that Cloudfront doesn’t have such a real-time list of blocked IP, but relies on the user adding IP addresses to block them. However, if I don’t enable wordfence, I have no idea which IPs need to be blocked, and they change all the time so I can’t rely on manual rules.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.