How to IPs restrict access to WordPress login.php while using Cloudflare?


We used to prohibit access to WordPress admin by using this below in our .htaccess file:

# BEGIN PROTECTION wp-login.php
<Files wp-login.php>
Order Deny,Allow
Deny from all
Allow from
# END PROTECTION wp-login.php

Using Cloudflare it do not work: I get a 403 error (forbidden)…

What is the tips to do that?



I looks like your .htaccess code could be blocking Cloudflare.

Since Cloudflare acts as a reverse proxy, when it’s configured as expected, all connections to your origin webserver come from Cloudflare’s IP addresses, and that may or may not be a problem for you:

  • If your web application is using the originating IP of the visitor as part of its logic, it will now use a Cloudflare IP address
  • If you use the content of your access logs, they now contain a Cloudflare IP address as the $remote_addr

Depending on your setup, you can restore the visitor IPs in a number of ways. You can find a complete list here, or below are a few of the most popular:

This topic was automatically closed after 30 days. New replies are no longer allowed.