My provider has been complaining about the attacks on my website. It’s just a small Wordpress site but for some reason it seems to be a target. They directed me to Cloudflare and then, at times, they have instructed me to turn on Attack Mode.
Whenever I’m in Attack Mode my legitimate traffic drops so I’ve been toying with Firewall rules. I’m not certain I’ve arrived at a good solution and am wondering what some of you knowledgeable people think of my rules.
#1 - I allow my IP address (I turn this rule off when I’m not working on the site)
#2 - I block all .php requests to /wp-content, wp-includes, wp-admin and also to login.php and xmlrpc
#3 - I also block a couple of countries that are major offenders, but I’m not sure I need to do that with the above rules.
I think it is catching a lot of stuff that has been hitting my site. Does anyone have any suggestions, good or bad, about this approach? Thanks.