Wp-login.php

mutiaradakwah41 · October 12, 2020, 5:35pm

Hi

How do I get everyone accessing the wp-login.php URL on my site to be applied “JS Challenge” "?
Because when I add the page rules, cloudflare only implements “JS Challenge” on pages that actually contain the wp-login.php URL, and doesn’t apply the JS Challenge to other URLs that point to wp-login.php

Example:
If someone accesses the wp-login.php URL, the JS Challenge is applied
However if someone accesses the wp-admin URL, and it will redirect to https://mutiaradakwah.com/wp-login.php?redirect_to=https%3A%2F%2Fmutiaradakwah.com%2Fwp-admin%2F&reauth=1, JS Challenge is not implemented, even though the initial URL is mydomain.com/wp-login.php
Why?

Thank you

sdayman · October 12, 2020, 1:43pm

Try this Firewall Rule:

mutiaradakwah41 · October 12, 2020, 8:03am

Hi
Thanks, it worked
But I changed the wp-login to wp-login.php
Is there any problem?
Thank you

k.nadnakinam · October 12, 2020, 10:43am

As long as the words “wp-login” in the URL. Then the rule works!

mutiaradakwah41 · October 12, 2020, 1:20pm

Hi
The problem is, the login page uses the wp-login.php URL, and not wp-login only, if you access mutiaradakwah.com/wp-login it will generate a 404 page
Thank you

sdayman · October 12, 2020, 1:43pm

As it should, just as any mistyped URL. Your goal was to JS challenge the login page. The rule accomplishes that.

mutiaradakwah41 · October 13, 2020, 6:43am

So, it’s ok to change wp-login to wp-login.php ?