Enhance brute force protection

Hi,
I have this rule on my Cloudflare, but I still see IP addresses in the server logs trying to hit wp-login and xmlrpc (denied in htaccess). Any way to change this rule to better protect against these types of attacks on wp-login?

[screenshot: cfrule]


You could set up Cloudflare Access for wp-login.php and/or wp-admin so that CF intercepts and requires CF Access auth before they/you can even see the WordPress auth system.

Thanks Judge.

The other thought I just had was to make the rule “I’m under attack” for wp-login. Wouldn’t that present the attack bot with a challenge and stop the attack?

“I’m under attack” would probably block them, but everyone would be challenged.

You could try a firewall rule and lock that path down to your IP, ASN, or Country.
Lock down to your IP:

(http.request.uri.path contains "/wp-login.php" and ip.src ne 123.456.789.1)

Action -> block

Not as bulletproof as Cloudflare Access, and probably annoying if your IP is dynamic. And problematic if you have other editors contributing to your blog.

A country based block could look like:

(http.request.uri.path contains "/wp-login.php" and ip.geoip.country in {"AF" "CN" "US"})

Action -> block

But I’d prefer the same option as @Judge


I use a firewall rule so that only my IP has access. It works fine for me; the only minor inconvenience is that my IP changes daily, so I have to access the firewall rules once per day.
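An added check, not part of this thread: whichever rule you pick, the way to tell whether it is actually cutting off the wp-login/xmlrpc traffic is to count those requests per source IP in the origin's access log before and after the change. The script below assumes Apache/nginx "combined" log format and uses constructed sample lines; the first field is whatever client IP the origin logs, so if the origin has not been configured to restore the visitor IP behind Cloudflare it will be an edge IP.

```python
import re
from collections import Counter

# Apache/nginx "combined" log format (assumed). The first field is the client
# IP as the origin logs it; behind Cloudflare without IP restoration it is an
# edge address rather than the visitor's.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

LOGIN_PATHS = ("/wp-login.php", "/xmlrpc.php")

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
203.0.113.7 - - [10/Mar/2024:10:00:03 +0000] "POST /wp-login.php HTTP/1.1" 200 1532
198.51.100.4 - - [10/Mar/2024:10:00:04 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199
198.51.100.4 - - [10/Mar/2024:10:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 403 199
192.0.2.9 - - [10/Mar/2024:10:00:06 +0000] "GET /wp-login.php?redirect_to=%2Fwp-admin HTTP/1.1" 200 1532
192.0.2.9 - - [10/Mar/2024:10:00:07 +0000] "GET /about/ HTTP/1.1" 200 8731
"""

def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["path"] = rec["path"].split("?", 1)[0]  # drop the query string
    return rec

def login_hits(log_text):
    """Count requests to the login / XML-RPC endpoints per (ip, path)."""
    hits = Counter()
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["path"] in LOGIN_PATHS:
            hits[(rec["ip"], rec["path"])] += 1
    return hits

def flag_sources(hits, threshold):
    """IPs whose total hits on the login endpoints reach the threshold, most hits first."""
    per_ip = Counter()
    for (ip, _path), n in hits.items():
        per_ip[ip] += n
    return [(ip, n) for ip, n in per_ip.most_common() if n >= threshold]

if __name__ == "__main__":
    for ip, n in flag_sources(login_hits(SAMPLE_LOG), threshold=2):
        print(f"{ip}: {n} login-endpoint requests")
```

Feed it the real access log instead of SAMPLE_LOG; a source that keeps appearing after the rule is in place either matches the rule's allow conditions or is reaching the origin without going through Cloudflare.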