We maybe want to use Cloudflare, but I don’t know if this is the solution for our problem. Maybe you can tell me if the solution you are offering is a fix for our problem.
Our problem:
We’ve got a WordPress blog (blog.our-blog.nl) that is shown at our website (www.our-site.nl/blog) via a reversed proxy. Now as you probably already know, WordPress has an admin area where you can log on with username and password. Now bots are trying to log in all the time, and fail2ban that is on our hosting provider, will block our ip-address. Because it is a reversed proxy every request is made from the ip-address of our reverserd proxy. So nobody can enter the site anymore because they are all being blocked.
Would it help if we added Cloudflare between the reversed proxy and the WordPress blog?
Also, we have multiple blogs for whole Benelux, so we need this configuration for more sites. Is that also possible?
If you don’t have complete control over the software of the backend service (in terms of configuring fail2ban), Cloudflare wouldn’t help as requests would also all come from the same (well, a small group) of IPs.
If you just want to solve the bot problem, you could add the main site www.our-site.nl to Cloudflare and then set up either Cloudflare Access for www.our-site.nl/blog/wp-admin or set up a firewall rule for www.our-site.nl/blog/wp-admin with the “challenge” (recaptcha) action