Firewall and page rules for WordPress setup on free Cloudflare

I saw a post here by PC_Repair which really helped me out in setting up a different set of rules for my website. I am a novice and his article and all the contributors did a great job, and I thank them for this. Unfortunately the post is now closed for comments, which is a shame because I think it is an ever-evolving matter.

I would like to get more clarity on how to best manage Firewall Rules and Page Rules together so that they best complement one another. My objective is to have a FAST website that is decently protected against known threats. Are the sets of rules, combined together, as good as they can be, or is there anything else that I should add (or remove) to make them more efficient? I am using the LiteSpeed plugin and have WP installed in its own directory.

FIREWALL RULES (4 used)

1. WP Protection & No-Referer Plugin Block
(http.request.uri.path contains "/xmlrpc.php") or (http.request.uri.path contains "/admin/") or (http.request.uri.path contains "/wp-login.php") or (http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains "/wp-admin/theme-editor.php") or (http.request.uri.path contains "/wp-content/plugins/" and not http.referer contains "YOURDOMAIN.COM" and not cf.client.bot)

Managed challenge

2. Content Protection
(http.request.uri.path contains "/wp-content/" and http.request.uri.path contains ".php") or (http.request.uri.query contains "author_name=") or (http.request.uri.query contains "author=" and not http.request.uri.path contains "/wp-admin/export.php") or (http.request.uri contains "/wp-json/wp/v2/users/") or (http.request.uri contains "wp-config.") or (http.request.uri contains "setup-config.") or (http.request.uri.path contains "/wp-content/" and http.request.uri.path contains ".php") or (http.request.uri.path contains ".js.map") or (lower(http.request.uri.path) contains "phpmyadmin") or (lower(http.request.uri.path) contains "thinkphp") or (lower(http.request.uri.path) contains "/phpunit") or (raw.http.request.uri contains "../") or (raw.http.request.uri contains "..%2F") or (http.request.uri contains "passwd") or (http.request.uri contains "/dfs/") or (http.request.uri contains "/autodiscover/") or (http.request.uri contains "/wpad.") or (http.request.uri contains "wallet.dat") or (http.request.uri contains "webconfig") or (http.request.uri contains "vuln.") or (http.request.uri contains ".sql") or (http.request.uri contains ".bak") or (http.request.uri contains ".cfg") or (http.request.uri contains ".env") or (http.request.uri contains ".ini") or (http.request.uri contains ".log") or (http.request.uri.query contains "bin.com/") or (http.request.uri.query contains "bin.net/") or (raw.http.request.uri.query contains "?%00") or (http.request.uri.query contains "eval(") or (http.request.uri.query contains "base64") or (http.request.uri.query contains "var_dump") or (http.request.uri.query contains "<script") or (raw.http.request.uri.query contains "%3Cscript") or (http.request.uri contains "<?php") or (http.cookie contains "<?php") or (http.cookie contains "<script") or (http.referer contains "%3Cscript") or (http.cookie contains "base64") or (http.cookie contains "var_dump") or (upper(http.request.uri.query) contains "$_GLOBALS[") or (upper(http.request.uri.query) contains "$_REQUEST[") or (upper(http.request.uri.query) contains "$_POST[")

Managed challenge

3. User-Agent Blocking
(http.user_agent contains "360Spider") or (http.user_agent contains "acapbot") or (http.user_agent contains "acoonbot") or (http.user_agent contains "ahrefs") or (http.user_agent contains "alexibot") or (http.user_agent contains "attackbot") or (http.user_agent contains "backdorbot") or (http.user_agent contains "becomebot") or (http.user_agent contains "blackwidow") or (http.user_agent contains "blekkobot") or (http.user_agent contains "blowfish") or (http.user_agent contains "bullseye") or (http.user_agent contains "bunnys") or (http.user_agent contains "butterfly") or (http.user_agent contains "careerbot") or (http.user_agent contains "casper") or (http.user_agent contains "checkpriv") or (http.user_agent contains "cheesebot") or (http.user_agent contains "chinaclaw") or (http.user_agent contains "choppy") or (http.user_agent contains "cmsworld") or (http.user_agent contains "copyrightcheck") or (http.user_agent contains "datacha") or (http.user_agent contains "demon") or (http.user_agent contains "discobot") or (http.user_agent contains "dotbot") or (http.user_agent contains "dotnetdotcom") or (http.user_agent contains "dumbot") or (http.user_agent contains "emailcollector") or (http.user_agent contains "emailsiphon") or (http.user_agent contains "emailwolf") or (http.user_agent contains "exabot") or (http.user_agent contains "extract") or (http.user_agent contains "eyenetie") or (http.user_agent contains "feedfinder") or (http.user_agent contains "flaming") or (http.user_agent contains "foobot") or (http.user_agent contains "g00g1e") or (http.user_agent contains "gigabot") or (http.user_agent contains "go-ahead-got") or (http.user_agent contains "gozilla") or (http.user_agent contains "grabnet") or (http.user_agent contains "harvest") or (http.user_agent contains "httrack") or (http.user_agent contains "jetbot") or (http.user_agent contains "jikespider") or (http.user_agent contains "kmccrew") or (http.user_agent eq "leechftp") or (http.user_agent contains "linkextractor") or (http.user_agent contains "linkscan") or (http.user_agent contains "linkwalker") or (http.user_agent contains "loader") or (http.user_agent contains "masscan") or (http.user_agent contains "miner") or (http.user_agent contains "majestic") or (http.user_agent contains "mechanize") or (http.user_agent contains "netmechanic") or (http.user_agent contains "netspider") or (http.user_agent contains "ninja") or (http.user_agent contains "octopus") or (http.user_agent contains "pagegrabber") or (http.user_agent contains "planetwork") or (http.user_agent contains "postrank") or (http.user_agent contains "proximic") or (http.user_agent contains "purebot") or (http.user_agent contains "pycurl") or (http.user_agent contains "python") or (http.user_agent contains "queryn") or (http.user_agent contains "queryseeker") or (http.user_agent contains "radiation") or (http.user_agent contains "realdownload") or (http.user_agent contains "rogerbot") or (http.user_agent contains "scooter") or (http.user_agent contains "seekerspider") or (http.user_agent contains "siclab") or (http.user_agent contains "sindice") or (http.user_agent contains "sitebot") or (http.user_agent contains "siteexplorer") or (http.user_agent contains "sitesnagger") or (http.user_agent contains "smartdownload") or (http.user_agent contains "sosospider") or (http.user_agent contains "spankbot") or (http.user_agent contains "spbot") or (http.user_agent contains "sqlmap") or (http.user_agent contains "stackrambler") or (http.user_agent contains "stripper") or (http.user_agent contains "sucker") or (http.user_agent contains "suzukacz") or (http.user_agent contains "suzuran") or (http.user_agent contains "teleport") or (http.user_agent contains "telesoft") or (http.user_agent contains "true_robots") or (http.user_agent contains "turingos") or (http.user_agent contains "vampire") or (http.user_agent contains "webwhacker") or (http.user_agent contains "woxbot") or (http.user_agent contains "xaldon") or (http.user_agent contains "yamanalab") or (http.user_agent contains "zmeu")

Block

4. Threat Score Challenge
(cf.threat_score gt 14) or (http.user_agent contains "Nimbostratus") or (http.request.uri contains "passwd") or (http.request.uri.path contains ".js.map")

Block

PAGE RULES (2 used)



For the page rules, do we need the full path for the URL, or would it work as well if I used, let’s say, “/wp-admin/” for instance?
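
Added example, not part of the original post: Cloudflare's `contains` and `eq` operators compare strings case-sensitively, and rule 2 already wraps some fields in `lower()` while rule 3 does not. The sketch below evaluates an excerpt of rule 3 against sample User-Agent strings, once as posted and once with `lower()` applied; the helper names and the sample strings are constructed for illustration.

```python
import re

# One parenthesised clause of the flat OR form used in rule 3, e.g.
#   (http.user_agent contains "x")   or   (lower(http.user_agent) contains "x")
CLAUSE = re.compile(r'\(\s*(lower\()?([a-z_.]+)\)?\s+(contains|eq)\s+"([^"]*)"\s*\)')

# Excerpt of rule 3, copied from the post.
RULE3_EXCERPT = (
    '(http.user_agent contains "dotbot") or (http.user_agent contains "httrack") or '
    '(http.user_agent eq "leechftp") or (http.user_agent contains "python") or '
    '(http.user_agent contains "sqlmap")'
)

# Constructed sample User-Agent strings (illustrative, not captured traffic).
SAMPLE_AGENTS = [
    "Mozilla/5.0 (compatible; DotBot/1.2)",
    "Mozilla/4.5 (compatible; HTTrack 3.0x; Windows 98)",
    "Python-urllib/3.11",
    "python-requests/2.31.0",
    "sqlmap/1.7",
    "LeechFTP",
    "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Firefox/121.0",
]

def with_lower(expr):
    """Rewrite every http.user_agent comparison to compare lower(http.user_agent)."""
    return re.sub(r'\(http\.user_agent\s+(contains|eq)', r'(lower(http.user_agent) \1', expr)

def hits(expr, user_agent):
    """Values of the clauses that fire for this User-Agent (case-sensitive unless lower())."""
    fired = []
    for lowered, _field, op, value in CLAUSE.findall(expr):
        actual = user_agent.lower() if lowered else user_agent
        if (op == "contains" and value in actual) or (op == "eq" and value == actual):
            fired.append(value)
    return fired

def compare(expr, agents):
    """Map each agent to (hits as posted, hits with lower() applied)."""
    lowered_expr = with_lower(expr)
    return {ua: (hits(expr, ua), hits(lowered_expr, ua)) for ua in agents}

if __name__ == "__main__":
    for ua, (posted, lowered) in compare(RULE3_EXCERPT, SAMPLE_AGENTS).items():
        print(f"{ua!r}: as posted={posted} with lower()={lowered}")
```

Running the same comparison over User-Agent values exported from your own firewall events shows which patterns in the full rule ever fire before you commit a change.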
