Rewrite url to block wp-login

rewrite wp-login to /example
firewall rule:block /wp-login
result: rewrite takes place before the block. So, traffic to /example was blocked.

My goal was to block direct request to /wp-login while redirect to /example get redirected it to wp-login without blocking
is there any workaround ?

This is not the most secure way to protect your logon page, if the “secret” URL leaks you have no security at all.

You can use Cloudflare Zero Trust (aka. Cloudflare Access, aka Cloudflare for Teams) to add an authentication barrier in front of your Wordpress logon area. Try this tutorial:

1 Like

@michael

  • if it leaks, I still have all the other measure usually applied to the default login. But changing that default is nice to avoid unneeded hits on it

  • I cant use Zero Trust. the site is open for registrations (students)

I have no explanation why when I set a firewall rule (challenge all) prior to the block wp-login rule, the redirect to /example works
1- challenge all (not cf.client.bot)
2- block (http.request.uri.path contains “/wp-login”)
the redirect to /example works !!!

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.