Hi,
I have this rule on my cloudflare but I still see ip addresses in the server logs trying to hit wp-login and xmlrpc (denied in htaccess). Any way to change this rule to better protect these types of attacks on wp-login?
You could set up Cloudflare Access for wp-login.php and/or wp-admin so that CF intercepts and requires CF access auth before they/you can even see the wordpress auth system.
Thanks Judge.
The other thought I just had was to make the rule “I’m under attack” for wp-login. Wouldn’t that present the attack bot with a challenge and stop the attack?
I am under attack would probably block them but everyone would be challenged.
You could try a firewall rule and lock that path down to your IP, ASN, or Country.
Lock down to your IP:
(http.request.uri.path contains "/wp-login.php" and ip.src ne 123.456.789.1)
Action -> block
Not that bulletproof as Cloudflare Access, and probably annoying if your IP is dynamic. And problematic if you have other editors contributing to your blog.
A country based block could look like:
(http.request.uri.path contains "/wp-login.php" and ip.geoip.country eq "AF" and ip.geoip.country eq "CN" and ip.geoip.country eq "US")
Action -> block
But I’d prefer the same option as @Judge
I use a firewall rule so that only my ip has access. It works fine for me, the only minor inconvenience is my ip changes daily so I have to access the firewall rules once per day.
This topic was automatically closed after 30 days. New replies are no longer allowed.