I found some information on a website in regards to locking down WordPress. I used the following guide and totally broke my website. I was hoping someone could confirm if this information is correct or maybe outdated?
FYI, I did not use this suggested expression below. I did it manually as suggested in the image above.
(http.request.uri eq "/xmlrpc.php") or (http.request.uri.path contains "/wp-content/" and not http.referer contains "yourwebsitehere.com") or (http.request.uri.path contains "/wp-includes/" and not http.referer contains "yourwebsitehere.com")
Referrer blocks are generally rarely a good idea. Clients are not obliged to send a referrer and, if they don't, your rule will block those requests. You'd probably best include an empty referrer in your expression as well. This all is assuming yourwebsitehere.com is your actual domain.
(http.request.uri eq "/xmlrpc.php") or (http.request.uri.path contains "/wp-content/" and not http.referer contains "yourwebsitehere.com") or (http.request.uri.path contains "/wp-includes/" and not http.referer contains "yourwebsitehere.com")
Can you perhaps advise how this expression is done correctly, if I have done it wrong and the guide I have followed is incorrect?
I have tested from external IPs etc. and things seem to be okay. I have very little knowledge of these things, so I can only follow recommended guides. However, your response now has me doubting that I have done the wrong thing.
I would advise against following random blogs out there, as they often provide incorrect information. Such as here, as this rule will block all requests which do not contain a referrer.
It’s best to familiarise yourself with Cloudflare’s rule engine - Ruleset Engine · Cloudflare Ruleset Engine docs - and then set up the rules you need for your particular setup. Your network administrator should be able to advise you here further.
Again, as for this particular expression you may want to allow empty referrers as well. But overall it really depends on what you want to achieve and “hardening Wordpress” is way too broad I am afraid.
Best thing really is to get to know how firewall rules work and apply that knowledge then.
I understand, that’s why it is a particularly good opportunity to learn more about it, which is why I provided the link to the documentation.
Checking for an empty field is, for example, done via field eq "", respectively field ne "" if you want to check the other way round.
So, again, please check out the documentation and try to learn as much as you can about it. Then if there is a concrete expression where you have difficulties, we can definitely discuss that.
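To make the empty-referrer point concrete, here is an added example (not from this thread and not Cloudflare's own code). Cloudflare's expression language cannot be run locally, so the script mirrors the three fields used above (http.request.uri, http.request.uri.path, http.referer) as plain Python and evaluates the rule as posted next to a version that also accepts an empty referrer. All requests, the theme file names and the placeholder domain yourwebsitehere.com are constructed. The corrected variant additionally matches xmlrpc on http.request.uri.path rather than http.request.uri, because the latter includes the query string in Cloudflare's field definitions.

```python
"""Simulate the WordPress firewall rule from the thread on constructed requests.

Added example, not from the thread or from Cloudflare. The predicates below
stand in for the Cloudflare expression so the effect of the missing
empty-referrer allowance can be checked offline.
"""
from dataclasses import dataclass
from urllib.parse import urlsplit

SITE = "yourwebsitehere.com"  # placeholder domain taken from the thread


@dataclass(frozen=True)
class Request:
    uri: str      # path plus query string, like http.request.uri
    referer: str  # Referer header value; "" when the client sent none

    @property
    def path(self) -> str:
        """Path without the query string, like http.request.uri.path."""
        return urlsplit(self.uri).path


def original_rule(r: Request) -> bool:
    """The blog's expression as posted. True means the request is blocked."""
    return (
        r.uri == "/xmlrpc.php"
        or ("/wp-content/" in r.path and SITE not in r.referer)
        or ("/wp-includes/" in r.path and SITE not in r.referer)
    )


def corrected_rule(r: Request) -> bool:
    """Same intent, but a missing Referer header is accepted.

    Equivalent Cloudflare expression (assumption, written with straight quotes):
      (http.request.uri.path eq "/xmlrpc.php") or
      ((http.request.uri.path contains "/wp-content/"
        or http.request.uri.path contains "/wp-includes/")
       and not (http.referer contains "yourwebsitehere.com" or http.referer eq ""))
    """
    referer_ok = SITE in r.referer or r.referer == ""
    is_asset = "/wp-content/" in r.path or "/wp-includes/" in r.path
    return r.path == "/xmlrpc.php" or (is_asset and not referer_ok)


# Constructed sample traffic: the fourth request is a browser that loaded the
# theme stylesheet without sending a Referer header (privacy setting, policy).
SAMPLE_REQUESTS = [
    Request("/xmlrpc.php", ""),
    Request("/xmlrpc.php?rsd", ""),
    Request("/wp-content/themes/example/style.css", "https://yourwebsitehere.com/"),
    Request("/wp-content/themes/example/style.css", ""),
    Request("/wp-includes/js/jquery.js", "https://other.example/hotlink"),
    Request("/blog/hello-world/", ""),
]


def blocked_by(rule, requests=SAMPLE_REQUESTS):
    """Return the URIs a rule would block, in input order."""
    return [r.uri for r in requests if rule(r)]


if __name__ == "__main__":
    print("original :", blocked_by(original_rule))
    print("corrected:", blocked_by(corrected_rule))
```

Running it shows the posted rule blocking the stylesheet request that carried no Referer header, which is exactly how a site "breaks" with this rule in place, while the corrected variant lets it through and still blocks the hotlinked request and both xmlrpc forms.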
I am a journo, I don't really have time to learn highly complex security and firewall rules.
I only ask if someone could provide and assist me with the correct expression to protect these two recommended paths. Of course I have checked much of the documentation without yielding results on how to specifically protect these two paths.
That’s absolutely fair and in that case it will be best to hire a professional to do that.
You wrote you have tried a couple of things to adjust the expression. Can you post what you have tried, respectively how you integrated what I suggested earlier?
So my suggestion would be you post a screenshot of what exactly you have configured, including the mentioned adjustments, and explain how exactly it stopped your site from working. Based on that we can probably provide further advice.
I am afraid there is no one single correct rule, it really all depends on your particular use case, hence my original question.
The rules generally look all right, except for the empty referrer which I addressed. Still referrer based rules are generally not necessarily stable rules.
I appreciate your suggestion. I really do, and thanks for the time you took to explain that. However, due to my limited knowledge and understanding of manually writing expressions, and failure to find what you suggested to do on Cloudflare's help pages, I only hoped someone might have simply corrected the expression I have used according to what you recommended.
I'll find someone to help me understand how to rewrite that expression according to your recommendation.
How to include: "best include an empty referrer in your expression as well."
Should you have any other Cloudflare-specific question, please feel free to ask, but also please use the search as most things have been already discussed and can be easily found via the search, respectively the documentation is a vast pool of information on most topics - https://developers.cloudflare.com
Only other thing, Wordpress related questions should really go to a Wordpress forum as the forum here is for topics related directly to Cloudflare. Thanks.