WordPress strategy - firewall rules

My provider has been complaining about the attacks on my website. It’s just a small WordPress site but for some reason it seems to be a target. They directed me to Cloudflare and then, at times, they have instructed me to turn on Attack Mode.

Whenever I’m in Attack Mode my legitimate traffic drops so I’ve been toying with Firewall rules. I’m not certain I’ve arrived at a good solution and am wondering what some of you knowledgeable people think of my rules.

#1 - I allow my IP address (I turn this rule off when I’m not working on the site)
#2 - I block all .php requests to /wp-content, wp-includes, wp-admin and also to login.php and xmlrpc
#3 - I also block a couple of countries that are major offenders, but I’m not sure I need to do that with the above rules.

I think it is catching a lot of stuff that has been hitting my site. Does anyone have any suggestions, good or bad, about this approach? Thanks.

I think that if the provider identifies attacks, they could elaborate on what exactly gets attacked (specific URLs, relatively few single operations that cause high load, relatively many single operations that each by itself almost doesn’t cause load, but together, they take all the processing resources you have), etc.

Without knowing that, it’s just a guessing game.

On the non-Cloudflare front, you may make your WP site more efficient (if you haven’t already done so) by using a caching plugin, such as “WP Super Cache*”. This makes your server work less for producing content that was already produced in the past, which helps decrease load both normally and especially when attacked with many requests, as every decrease of processing required for a single request is multiplied by the number of concurrent requests…

* This is not a recommendation of a specific plugin. It’s just the first result in Google. I don’t take responsibility for what it does. In its defense, it’s made by Automattic, the company behind WP. So if you trust WP to begin with… Anyway… ALWAYS back up your data and everything.


Just a quick followup - at this point I think the approach I described is working out well for me. I’ve had a few issues with Jetpack and Wordfence being blocked. I decided to drop Wordfence, since any effort to access php files is blocked anyway. I’d say that 95% of the attacks are on xmlrpc, login, and blind shots at possible plugin vulnerabilities. My approach is blocking all of those.

Anyway, I thought for the sake of anyone who happens to find my question in the future that this followup might help.

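A dry run of rules #1 and #2 from this thread over web-server access-log lines, to see what the block would catch and which blocked requests look like legitimate visitor traffic before the rule is enforced. This is an added example, not part of the original posts; the IP addresses, hostname and log lines are constructed, and reading "login.php and xmlrpc" as WordPress's `/wp-login.php` and `/xmlrpc.php` is an assumption. Rule #3 (country blocks) is not modeled.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

ALLOW_IPS = {"203.0.113.10"}   # rule #1: the owner's address (constructed value)
BLOCK_DIRS = ("/wp-content/", "/wp-includes/", "/wp-admin/")
BLOCK_FILES = {"/wp-login.php", "/xmlrpc.php"}  # assumed reading of "login.php and xmlrpc"
SITE_HOST = "example.com"      # placeholder for the site's own hostname

LOG_RE = re.compile(           # combined log format
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)" "[^"]*"')

def would_block(ip, target):
    """Rule #1 (allowlisted IP) is evaluated first, then rule #2 (.php block)."""
    if ip in ALLOW_IPS:
        return False
    path = urlsplit(target).path.lower()
    if path in BLOCK_FILES:
        return True
    return path.endswith(".php") and path.startswith(BLOCK_DIRS)

def dry_run(lines):
    """Return (Counter of blocked paths, blocked requests that look legitimate)."""
    blocked, collateral = Counter(), []
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not would_block(m["ip"], m["target"]):
            continue
        path = urlsplit(m["target"]).path
        blocked[path] += 1
        # Heuristic: a Referer on our own host means a visitor's page made the call.
        if urlsplit(m["referer"]).hostname == SITE_HOST:
            collateral.append((m["ip"], path))
    return blocked, collateral

TS = "[01/Jan/2024:00:00:01 +0000]"   # constructed sample log lines follow
SAMPLE = [
    f'198.51.100.7 - - {TS} "POST /xmlrpc.php HTTP/1.1" 200 403 "-" "Mozilla/5.0"',
    f'198.51.100.7 - - {TS} "POST /wp-login.php HTTP/1.1" 200 1200 "-" "Mozilla/5.0"',
    f'198.51.100.9 - - {TS} "GET /wp-content/plugins/x/readme.php?v=1 HTTP/1.1" 404 0 "-" "curl/8.0"',
    f'192.0.2.44 - - {TS} "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 51 "https://example.com/contact/" "Mozilla/5.0"',
    f'192.0.2.44 - - {TS} "GET /wp-content/themes/t/style.css HTTP/1.1" 200 900 "https://example.com/" "Mozilla/5.0"',
    f'203.0.113.10 - - {TS} "GET /wp-admin/index.php HTTP/1.1" 200 5000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    blocked, collateral = dry_run(SAMPLE)
    print(blocked.most_common())
    print("check before enforcing:", collateral)
```

In the sample, the only blocked request with a same-site Referer is a visitor's POST to `/wp-admin/admin-ajax.php`, which WordPress themes and plugins use for front-end AJAX; a hit like that in real logs is a reason to carve out an exception before blocking everything under `/wp-admin/`.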