Wordpress security with CF free plan

Hi, I’m using cloudflare free plan and I anderstand even free plan stops some atacks but It seems to be not enough. So I’m wondering if a WP security plugin would make a good combination with CF free plan

For example to stop login attemps is it useful to use a two factor athentication plugin or a rate limiting plugin? I’m a bit in doubt because I’ve read that using these plugins the brute force attemps still generate a load in the server and possibly slow it down

Also I’ve seem that one can create Cloudflare rules, and I wonder if it is possible to create a rule to allow access to domain.com/wp-admin from only my country and deny from the rest?

What is your opinion?

Hi @arieletoro,

You can certainly create a rule for wp-admin to only allow your country.

Alternatively, you could use Cloudflare Access which is free for up to 5 users and allows you to protect a specific area of your site.


1 Like

Thank you domjh

I was taken a look at the rules and I have a doubt. If I allow my country does this mean the rest is automatically blocked?

Another question is, which of the two option you mentioned you think is better?

No problem!

You will need to use a firewall rule to block all requests NOT in your country.

Cloudflare Access means that it is not country specific and could not be bypassed by going via your country, however it may take longer to configure.

1 Like

domjh, I guess that rule could be:

Request method …
Country …


If this is correct the doubt is: request method should be GET, POST or both?

Here’s a screenshot of mine. Nobody outside the US has any business hitting my login page regardless of method:

Thank you sdayman! I didn’t figure out that way so far. It looks to do the work.

And in addition do you use a wp security plugin?

I sure do! I use Wordfence.


Thank you guys!

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.