Questions about our situation

We may want to use Cloudflare, but I don’t know if this is the solution for our problem. Maybe you can tell me if the solution you are offering is a fix for our problem.

Our problem:
We’ve got a WordPress blog (blog.our-blog.nl) that is shown at our website (www.our-site.nl/blog) via a reverse proxy. As you probably already know, WordPress has an admin area where you can log on with username and password. Bots are trying to log in all the time, and fail2ban, which runs at our hosting provider, will block our IP address. Because it is a reverse proxy, every request is made from the IP address of our reverse proxy. So nobody can enter the site anymore because they are all being blocked.

Would it help if we added Cloudflare between the reverse proxy and the WordPress blog?

Also, we have multiple blogs for the whole Benelux, so we need this configuration for more sites. Is that also possible?

If you don’t have complete control over the software of the backend service (in terms of configuring fail2ban), Cloudflare wouldn’t help, as requests would also all come from the same (well, a small group of) IPs.

If you just want to solve the bot problem, you could add the main site www.our-site.nl to Cloudflare and then set up either Cloudflare Access for www.our-site.nl/blog/wp-admin or set up a firewall rule for www.our-site.nl/blog/wp-admin with the “challenge” (reCAPTCHA) action.

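The failure mode described in the question and the first reply, as an added example that is not from any poster in this thread: a simplified model of fail2ban-style failure counting (not fail2ban's own code) run over a constructed login log. It shows why counting by connecting address bans the reverse proxy, and what changes when the backend counts by the forwarded client address, trusted only when the connection comes from the known proxy. All addresses, the event format and the threshold are assumptions.

```python
from collections import defaultdict

# Constructed sample data; addresses are from documentation ranges.
PROXY = "203.0.113.10"      # stands in for the reverse proxy
BOT = "198.51.100.7"        # bot reaching the blog through the proxy
EDITOR = "192.0.2.44"       # legitimate editor behind the same proxy
DIRECT = "198.51.100.99"    # client hitting the backend directly

# Each event: (connecting peer, X-Forwarded-For header value, login succeeded?)
SAMPLE_LOG = [
    (PROXY, BOT, False),
    (PROXY, BOT, False),
    (PROXY, EDITOR, True),
    (PROXY, BOT, False),
    (PROXY, BOT, False),
    # Direct requests carrying a forged header that names the editor.
    (DIRECT, EDITOR, False),
    (DIRECT, EDITOR, False),
    (DIRECT, EDITOR, False),
]

MAX_RETRY = 3  # assumed threshold, comparable to a "maxretry" setting


def ban_key(peer, xff, trusted_proxies):
    """Address to count failures against.

    The forwarded address is used only when the peer is a trusted proxy.
    Assumption: the proxy appends the client address as the right-most entry.
    """
    if peer in trusted_proxies and xff:
        return xff.split(",")[-1].strip()
    return peer


def banned(log, trusted_proxies=frozenset(), max_retry=MAX_RETRY):
    """Return the set of addresses that reach the failure threshold."""
    failures = defaultdict(int)
    for peer, xff, ok in log:
        if not ok:
            failures[ban_key(peer, xff, trusted_proxies)] += 1
    return {ip for ip, count in failures.items() if count >= max_retry}


if __name__ == "__main__":
    print("count by peer:     ", sorted(banned(SAMPLE_LOG)))
    print("count by client IP:", sorted(banned(SAMPLE_LOG, {PROXY})))
```

Counting by peer bans the proxy and with it every visitor; counting by trusted forwarded address bans only the bot, and the forged header from the direct client does not get the editor banned.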

Check out:
https://support.cloudflare.com/hc/en-us/articles/360027519452-Introduction-to-Cloudflare-Bot-Management

Part of that is IP reputation, which may or may not help since you already have a reverse proxy.

You may also want to try a WP firewall plugin.

Hi Judge,

We do not have control of the fail2ban on the hosting server, because we use shared hosting. They cannot change it only for us.

I want to prevent the blog from going down because of the many log-in attempts the bots make. Is that possible with Cloudflare?

Best regards,
Dennis
