Cloudflare pro additional rules

Security
#1

Dear,

I hope everyone is well.

do i need wordpress in cloudflare pro per additional page rules? e.g. /ajax, https, /wp-admin, /preview=true?

Or is that covered by Cloudflare Pro? Do I also need additional firewire rules in Clouflare pro or is that also covered in Pro?

thanks a lot. Best regards and stay healthy Neo

#2

There’s not much difference between Pro and Free for WordPress rules. What are you trying to do with those rules?

#3

Dear, I set these rules. Don’t I need this in the Pro version?

many thanks. Best regards Neo

#4

That tutorial is not a good use of Page Rules.

My suggestions to each of those rules:

  1. Always Use HTTPS is already an option in SSL/TLS -> Edge Certificates
  2. Mostly unnecessary. Attackers rarely go after wp-admin. If you want to protect WordPress, get Wordfence. It’s free.
  3. Cloudflare doesn’t cache previews by default.
  4. If you want to block xmlrpc, use a Firewall Rule.
  5. wp-content/uploads is already cached by Cloudflare by default.
    6-9,11) Cache Everything is risky without checking for Cookies. Pro Plan doesn’t do this. Email obfuscation is in Cloudflare’s Scrape Shield.
  6. There’s no ajax anything in the root directory that I’m aware of.
2 Likes
#5

Dear, thanks to a thousand.

One more question. I also use Jetpack for backups and malware scanning. I also have Patchman with Cloudflare Pro. That should work as well as Wordfence?

Many thanks, Cheers Neo