Hi a question the DDOS protection rule should it be inserted on the entire website (domain) or only on the domain / wp-admin or wp-login?
Thank you!
My domain is:
fritex
July 27, 2022, 12:03pm
2
Greetings,
How about starting with the below:
This guide is for those users of Cloudflare who experience medium-high level complexity DDoS attacks.
Continue reading if you want to accomplish the following:
Becoming more familiar with the Cloudflare Dashboard and crafting custom firewall rules.
Understanding the standard behavior of DDoS attacks and deploying effective firewall rules.
Realizing how powerful and valuable Cloudflare Firewall Rules are.
I initially thought of making a more complex guide (I will). However, I realized that no…
Get started · Cloudflare DDoS Protection docs
Related content:
Archive This tutorial covers some of the steps you can try to take to protect yourself from a DDoS attack. There is a <a href="https://support.cloudflare.com/hc/en-us/articles/200170196-I-am-under-DDoS-attack-what-do-I-do-">Cloudflare Support Article</a> on this as well.
Sign up for Cloudflare - Cloudflare can provide a lot of helpful tools to help you overcome a DDoS…
Kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection:
Since you’re using WordPress, I’d like to share two of my posts containing multiple things related to your question.
Combining them into few Firewall Rules, you can get what you need for the best possible security & protection of your WordPress instance
That is a good question out there.
I would say it cannot be stated as a general rule of thumb, as far as some WordPress websites do not have to use like POST or PUT (WP REST API, wp-json, plugins etc.), while other have to - just an example.
You could try to block TRACE & TRACK for example.
Or, if you could for example, limit HEAD, GET and POST for some specific IP or some similar scenario, where you protect your Website from bad bots, possible attacks, etc. in terms of security measurements. …
Few like 1-10, or 100-500 ?
Are these maybe the crawlers or bots? Did you analyze your web traffic?
Are the naked domain and www DNS records proxied? (
koky251:
wp-admin or wp-login
We can use Cloudflare Access / Zero Trust (Teams):
https://www.tuonetti.fi/en/cloudflare-access-guide/
1 Like
system
August 11, 2022, 12:04pm
3
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.
