Restricting wordpress and plesk login page to cloudflare teams

Does anyone have a guide on how to restrict login pages such as Wordpress and plesk admin login page to have to go via the cloudflare teams login portal?

WordPress Login is pretty easy. That’s just a regular Application:
https://developers.cloudflare.com/cloudflare-one/applications/configure-apps/self-hosted-apps

Hopefully, Plesk will be as easy, but it’d have to be its own Application. Does it also run on Port 443?

Plesk runs on 8443 if you visit the host via IP , this I don’t want anyone to do.

I have a subdomain that points to it and that allows it to be accessed via 443.