How to protect /wp-admin/ and /wp-login.php and not block other plugins (Newbie)

Hi, Guys

I need some help to protect /wpadmin and /wp-login, but for some reason when I try to configure the firewall rules like this.


The
(http.request.uri.path contains "/wp-admin/" and
http.request.uri.path ne "/wp-admin/admin-ajax.php" and ip.src ne 199.199.199.19)

It's blocking the mobile contact form of my site (I use Elementor; for some reason, when I have this configuration it is blocking the Elementor form). Can someone help me fix this issue?

It’s likely that the plugin is accessing something else under /wp-admin. Sadly, different plugins can use different things from inside that directory, so admin-ajax.php may not be the only thing you need to exempt. Blocking /wp-admin often breaks plugins or themes.

You could check your firewall logs to see what path or paths it is trying to access. Or, I would rather recommend that instead of blocking /wp-admin/ you can block the wp-login.php script.

I’d suggest you see the recommendations from the article below and implement them, due to the usage of Elementor and Cloudflare:

In short, despite the Cloudflare plan we are using, I’d say use multiple ways and the different types of features available to us in the Cloudflare dashboard.

First things first, make sure your DNS hostname for your domain (root, www, sub…) is proxied and set to :orange:.

If I may add here as a really good reference for further cases in terms of security and protection with Cloudflare from my colleague @jnperamo :

We can lock down our web host and allow only Cloudflare to connect, and similar techniques:

We can use Cloudflare Access / Zero Trust (Teams):

Sharing some useful stuff here:

Just in case, since running WordPress uses WP-Cron and sometimes Cloudflare catches it and blocks/challenges the request, I’d also suggest you whitelist the origin host/web server IP at Cloudflare → Security → WAF → Tools → IP Access Rules with the action “allow” for your website.

It should look like the screenshot below, as an example:

Hope it helps a bit :slight_smile:
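
As an added illustration that is not part of the original posts: a small Python model of the rule from the question next to the wp-login.php-only alternative suggested in the replies, run over constructed requests to list which /wp-admin/ paths the posted rule catches. The sample requests are constructed, the function names are hypothetical, and keeping the IP exemption on the login-only rule is an assumption.

```python
from collections import Counter
from urllib.parse import urlsplit

ADMIN_IP = "199.199.199.19"  # exempted address from the rule in the question

def broad_rule(path, ip):
    """The rule as posted: all of /wp-admin/ except admin-ajax.php."""
    return ("/wp-admin/" in path                    # contains (substring match)
            and path != "/wp-admin/admin-ajax.php"  # ne (exact comparison)
            and ip != ADMIN_IP)

def login_only_rule(path, ip):
    """Alternative from the replies: act only on wp-login.php.
    Keeping the IP exemption here is an assumption."""
    return path == "/wp-login.php" and ip != ADMIN_IP

# Constructed (client IP, request URI) pairs. The /wp-admin/ files are
# WordPress core scripts picked for illustration, not a statement of what
# Elementor actually requests.
SAMPLE_REQUESTS = [
    ("203.0.113.7", "/wp-admin/admin-ajax.php?action=heartbeat"),
    ("203.0.113.7", "/wp-admin/admin-post.php"),
    ("203.0.113.7", "/wp-admin/admin-post.php"),
    ("203.0.113.8", "/wp-admin/load-styles.php?c=1&load=dashicons"),
    ("203.0.113.9", "/wp-login.php"),
    ("199.199.199.19", "/wp-admin/index.php"),
    ("199.199.199.19", "/wp-login.php"),
    ("203.0.113.7", "/contact/"),
]

def blocked_paths(rule, requests):
    """Count matches per path, the view a firewall event log would give."""
    hits = Counter()
    for ip, uri in requests:
        path = urlsplit(uri).path  # http.request.uri.path excludes the query string
        if rule(path, ip):
            hits[path] += 1
    return hits

def exemption_candidates(requests):
    """Paths the posted rule blocks that the login-only rule leaves alone."""
    broad = blocked_paths(broad_rule, requests)
    narrow = blocked_paths(login_only_rule, requests)
    return sorted(p for p in broad if p not in narrow)

if __name__ == "__main__":
    print("posted rule blocks:    ", dict(blocked_paths(broad_rule, SAMPLE_REQUESTS)))
    print("login-only rule blocks:", dict(blocked_paths(login_only_rule, SAMPLE_REQUESTS)))
    print("would need exemptions: ", exemption_candidates(SAMPLE_REQUESTS))
```

Note that the rule as posted never matches /wp-login.php, since that path does not contain "/wp-admin/".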

Thanks, Fritex, for all the information. I made all the changes on my Cloudflare; if you have more tips I will appreciate them. 5 stars for your help!!
