How to block wordpress search results?

As title. I want to protect my website from ddos attack and so I want to block every access to urls like: domain/?s=*
where * is whatever term the attacker may use.

So I want to ask if this is correct:
URI → is equal to → /?s=*

tl;dr does the * works for what I’m trying to achieve or should I use something else?

Thank you

As long as there aren’t other query strings that end with an ‘s’, then this Firewall Rule should work:

(http.request.uri.query contains "s=")



1 Like

I have a query that has status= in it and it’s blocked

Add another condition in that rule for AND URI Query String does not contain “status”


He is targeting the search form right now but somehow he is bypassing the cloudflare Firewall. Any idea what I could do?

For the firewall to be effective, your server needs to block any requests not coming from the list.

1 Like

Hello, I’m getting ddossed right now and he is targeting the search function of wordpress. The weird thing is, I blocked every request from the cloudflare firewall but (How to block wordpress search results? - #4 by jeansureau98)
but somehow he is bypassing it. Any idea why?

I followed this tutorial: Using IPTABLES to Require CloudFlare for All HTTP/HTTPS Traffic
But doesn’t work

The best way to test this is to try this from command line on your home computer:

curl -svo /dev/null --connect-to :: (but use your server’s real IP address).

It should block your request since you’re going direct.

1 Like

I get a failed to connect: connection timed out

But after that, I can see on my log that some traffic is still accessing my website and doing the search ddos.
I tried both enabling the under attack mode, setup the firewall on cloudflare to block that search request, I disabled the search function within wordpress, now it shows a 404 page instead, enabling the bot fighting, but nothing, they can still access my site and doing the research and bring down my vps

For example as I said yesterday I blocked the whole noth america continent, so how can this IP
still access and make the research?

Try enabling URL Normalization:

1 Like

Just done.
Didn’t stop them.
They keep pushing the same url and bringing my vps down

Try something like this for now:
(http.request.uri.path eq "/" and not http.request.uri.query contains "status")

That should block all searches. It’ll probably block some other stuff, but it may help track down how they’re getting around the firewall.

1 Like

This worked, thank you! In the meanwhile I also upgraded to the pro plan.
Now what to do next? Since this is a temporary solution since may block something else?
Also this is the third attack in 24 hours under different targets on my website (all through HTTP(s)), So I expect more maybe

(also I’m time limited to reply on the forum)

Now take a closer look at the search queries that have been blocked. It should show you the query string that wasn’t being blocked by our “s=” attempt, or…hopefully…something else they all have in common.


My bad. Thanks.
I think I noticed now and apparently this may have been my mistake.
I blocked this query string initially: /?s

While after double checking now, you told me to block ?s

Indeed the query string that is blocked with the / URI now, all start the query string with ?s and not with /?s

Can you confirm me this little missed detail allowed them to bypass the firewall?

The query string should be: s=
The question mark itself means that the stuff after that is the query string.


Hello, this is lasting from 12 hours now. Will this ever stop? Also on the firewall on the top events by path, the most hit path is / how is this possible since every request is a uri string search?