Firewall rules too strict, how to configure?

Due to hackers managing to log into my WordPress website and bypassing Wordfence premium and 2FA, I set up Cloudflare premium and set up the Firewall. It seems like that did the job, and blocked attempts are finally gone.

The problem is, I’m using Ultimate Membership Pro and now the membership area is blocked by Cloudflare. How can I configure it right for maximum security but allow users to use the website?

The only area that needs an absolute lockdown is wp-admin, so basically the admin panel.


Regarding what you stated, I am curious and wonder about the following:

  • Which Firewall rules have you configured?
  • Moreover, have you selected “CF-Connecting-IP” in Wordfence?
  • How did they bypass your Wordfence?
  • If you are using at least the Pro Plan on Cloudflare, you can activate Managed rules, which are very helpful.
  • Moreover, the Security Options like Bot management, Medium Level, etc. help you a lot.
  • Do you have reCAPTCHA added to your WP-login page?
  • Also, you can enable “I am under DDoS attack!” mode if so.

You can lock down your WP-login page either only for you (your IP address) or even for your country (if it is a small one).

Is this a plugin or?

Yes, a plugin. Yes, I need to lock the admin panel down to only my IP, but I'm not sure how to do it.

You can do it just as @sdayman has written here:

Moreover, make sure you have selected CF-Connecting-IP in your Wordfence.

Yes, I made sure of that.
I deleted all the rules I set and I just set up that rule in the screenshot.

Thank you.

