How do I get everyone accessing the wp-login.php URL on my site to be applied “JS Challenge” "?
Because when I add the page rules, cloudflare only implements “JS Challenge” on pages that actually contain the wp-login.php URL, and doesn’t apply the JS Challenge to other URLs that point to wp-login.php

If someone accesses the wp-login.php URL, the JS Challenge is applied
However if someone accesses the wp-admin URL, and it will redirect to https://mutiaradakwah.com/wp-login.php?redirect_to=https%3A%2F%2Fmutiaradakwah.com%2Fwp-admin%2F&reauth=1, JS Challenge is not implemented, even though the initial URL is mydomain.com/wp-login.php

Thank you

Try this Firewall Rule:

1 Like

Thanks, it worked
But I changed the wp-login to wp-login.php
Is there any problem?
Thank you

As long as the words “wp-login” in the URL. Then the rule works!

The problem is, the login page uses the wp-login.php URL, and not wp-login only, if you access mutiaradakwah.com/wp-login it will generate a 404 page
Thank you

As it should, just as any mistyped URL. Your goal was to JS challenge the login page. The rule accomplishes that.

So, it’s ok to change wp-login to wp-login.php ?

This topic was automatically closed after 30 days. New replies are no longer allowed.