Do you use any caching plugin with WordPress?
Any security plugins installed and activated?
Because for example W3 Total Cache can either cache your wp-login page. Moreover, if having a cache setting also on Cloudflare with an option of “Cache Everything”, there is a reason why you could not successfully log in to your WordPress Admin dashboard.
You would need to use 3 Page rules to configure caching and allow yourself to login and not being “redirected” all-around when you click the “submit/login” button (if using W3TC and Cache Everything option).
Moreover, you say you use cPanel, so I assume you already have an AutoSSL certificate generated and provided by cPanel and also using the “Full SSL” option at Cloudflare dashboard?
Otherwise, you are using Flexible SSL at Cloudflare dashboard as an option?
Also, do you have a
define('force_ssl_admin', true); in your
wp-config.php file or not?
It is normal for WordPress to redirect you to the wp-login.php when you try to access via yourwebsite.com/wp-admin/ if not already logged-in.
It is also possible, you could either deny the request to /login which redirects you to wp-login using in your theme functions.php file using
remove_action('template_redirect', 'wp_redirect_admin_locations', 1000); //To prevent redirect to login page when people type "login" at end of home URL
Try setting your Page Rules as follows (in this example I have “Cache Everything” at Cloudflare dashboard, also use W3 Total Cache plugin with a combination of Wordfence and BBQ Firewall plugins too and including custom Firewall rules at Cloudflare dashboard)
And try to purge cache “Everything” for your domain after the tries provided from the above.