My website is under attack by bots which are trying to log in with random emails and passwords and getting blocked by the Wordfence plugin. However, the issue is that they keep coming up with new IP addresses and I am getting like 100 requests in 1 minute, which is slowing my website down since the resource usage is getting too high!
The target URL for bots is mywebsite.com/my-account
I would like to know the firewall rules that I can set up on Cloudflare to block such requests before they reach my website. Is there any possible rule which can block these bots?
The bots are definitely getting their IP addresses banned, however it is not stopping the attack. They are coming in from new IP addresses in different countries and trying to log in with some weird usernames or emails which do not even exist on my website.
But the real issue is that even after having the Rate Limiter, the bots are still coming to my site and consuming a lot of resources, due to which the website is facing a lot of issues in terms of loading/database connectivity. What else can I do at my end to resolve this?
Do you suggest any changes to the rules or any addition of firewall rules which might help me here?
That URL sets a cookie then redirects back to /my-account/
If it’s their 2nd time on /my-account/ and still no cookie set, redirect them to download the biggest file I could find?
If that’s doable via firewall rules, request you to give me the steps for doing so.
Can you try challenging all requests to your login page? Create a Firewall Rule that matches on your login page URL and set the action to “JS Challenge” or “Challenge”.
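
An added example, not part of the original thread: a short Python script that shows why per-IP bans and per-IP rate limits miss this traffic while a rule keyed on the login path covers all of it. The log lines are constructed, and the 5-requests-per-minute per-IP threshold and the function names are assumptions.

```python
import re
from collections import Counter

# Common Log Format fields: ip, timestamp, method, path, status.
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def build_sample():
    """Constructed log: 20 rotating IPs, one repeat offender, one normal visitor."""
    fmt = '{ip} - - [01/Jan/2024:10:00:{s:02d} +0000] "{req} HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{i}", s=i, req="POST /my-account/")
             for i in range(1, 21)]
    lines += [fmt.format(ip="203.0.113.7", s=s, req="POST /my-account/")
              for s in range(30, 36)]
    lines.append(fmt.format(ip="192.0.2.5", s=40, req="GET /shop/"))
    return "\n".join(lines)

def summarize(log, login_prefix="/my-account", per_ip_limit=5):
    """Compare what a per-IP limit sees with what a path-based rule matches."""
    per_ip_minute = Counter()
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        ip, ts, _method, path, _status = m.groups()
        if path.startswith(login_prefix):
            # ts[:17] is the minute bucket, e.g. "01/Jan/2024:10:00"
            per_ip_minute[(ip, ts[:17])] += 1
    total = sum(per_ip_minute.values())
    over = {ip for (ip, _), n in per_ip_minute.items() if n > per_ip_limit}
    under = sum(n for (ip, _), n in per_ip_minute.items() if ip not in over)
    return {
        "login_requests": total,                 # all matched by a path rule
        "distinct_ips": len({ip for ip, _ in per_ip_minute}),
        "ips_over_limit": sorted(over),          # all a per-IP limit acts on
        "requests_from_ips_under_limit": under,  # never touched by per-IP rule
    }

if __name__ == "__main__":
    print(summarize(build_sample()))
```

In the constructed sample, 20 of the 26 login requests come from addresses that never exceed the per-IP threshold, which is the traffic a challenge on the login path would still intercept.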