Firewall: Need Help Excluding Wordpress Logout URL's

Security
#1

Hello CF Community,

This is my first ever post in here and I am a total newbie with Firewall settings or coding in general. I am primarily a marketing and content guy. I have a Wordpress site at https://malayali.ca and I am using the PRO plan for the site.

I have blocked the login page through setting up my internet dedicated IP so that only my IP can access the page. However, it is also causing problems for the regular users who logs in and logout from the front end. They get a 1020 error.

I have the following firewall rule at https://malayali.tinytake.com/tt/NTAwNjA2N18xNTc1MjA1Ng

However, I also need my frontend users to go through the following urls without getting a 1020 error.

  • /my-account/customer-logout/?_wpnonce=82366c0583

  • /wp-login.php?action=logout&redirect_to=https%3A%2F%2Fmalayali.ca%2Fmy-account%2F&_wpnonce=0a2fa8d7c2

  • /wp-login.php?loggedout=true&wp_lang=en_US

Any help would be immensely appreciated.

#2

Yeah, that totally bit me, too. But it was for password-protected pages/posts. Who knew?

You’re going to have to unblock wp-login.

I suspect you blocked it to stop attacks. You may just want to use a Firewall Rule that does a JS Challenge. That should stop most bot from brute-forcing your wp-login.

You may even consider a full-site Firewall BLOCK for countries where you want no visitors, but are the source of many of the attacks.

Plan B:
If you have fewer than 50 users, you might consider using the Access product. Post back if you think this is a viable option.

#3

Thank you for the suggestions. Yes I am trying to stop attacks to that page and I thought there is a way around for the regulars users to pass through.

Plan B also does not work for me because I have more that 50 users. Thank you again for the help

1 Like