WAF settings - which managed rules to pick if any

I’m using the pro plan and am on the WAF settings page under Security. I run Wordpress on NGINX.

There are three managed rules listed under my WAF settings page. Should I “deploy” any or all three? I don’t currently have any active. They are listed as:

Cloudflare Exposed Credentials Check
Cloudflare Managed Ruleset
Cloudflare OWASP Core Ruleset

Within each of these, there are lots of individual rules, some that are pre-selected as “active” and others that are not. I have not changed any of them.

Any advice is appreciated!

I would recommend taking a read through the documentation for each of these managed rules and then enabling them if you conclude that they would work well with your application.

1 Like

Thank you, I’ll do that.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.