rewrite wp-login to /example
firewall rule:block /wp-login
result: rewrite takes place before the block. So, traffic to /example was blocked.
My goal was to block direct request to /wp-login while redirect to /example get redirected it to wp-login without blocking
is there any workaround ?
This is not the most secure way to protect your logon page, if the “secret” URL leaks you have no security at all.
You can use Cloudflare Zero Trust (aka. Cloudflare Access, aka Cloudflare for Teams) to add an authentication barrier in front of your Wordpress logon area. Try this tutorial:
There is now an official guide for this on the documentation, you may want to refer to it alongside this tutorial. Note that this tutorial shows the old method through the main dashboard, the linked doc does it through the Cloudflare for Teams dash.
This tutorial covers the basics of Cloudflare Access and how to protect an admin or other area of your website using this feature.
Please note: This t…
I have no explanation why when I set a firewall rule (challenge all) prior to the block wp-login rule, the redirect to /example works
1- challenge all (not cf.client.bot)
2- block (http.request.uri.path contains “/wp-login”)
the redirect to /example works !!!
This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.