Zero Trust Setup for WP-Admin not rendering One Time PIN challenge

What is the name of the domain?

What is the issue you’re encountering

Not displaying when accessing Zero Trust URL

What steps have you taken to resolve the issue?

I currently have my WP-Admin and WP-Login WAF’d by a IP-only rule for my static home computer which is great b/c Im the only access point, however I have other employees from time that need access to the WP back end and are on static IPs/travel a lot. They need access. I tried to set up a Zero Trust application and group but in testing Im having trouble getting it to work. It’s not displaying the challenge poster for the one-time code. In other words its as if nothing is happening and I browse to the URLs with no trouble.

In testing I have turned off my WAF rule that blocks everyone except me so the world can access the WP-Admin and WP-Login.

In Zero Trust I:

  1. Created an Access Group named “WP-Admin” with email addresses to constitute the users I will grant one-time access to
  2. Created a Self-Hosted Application named “WordPress WP-Admin”, Allow, 1-Week Duration, domain:, path: /wp-admin
  3. Application Appearance Enabled App in App Launcher OFF, Use default domain, added custom logo URL
  4. Blocked Pages: Cloudflare default for identity and non-identity
  5. Identity Providers: One Time Pin, Ship Auth OFF
  6. WARP Auth Identity OFF
  7. Added policy “WP-Admin Access”, action ALLOW, duration 1 week
  8. Assigned Access Group from Step 1
  9. Skipped Create Add’l Rules
  10. Additional Settings: Purpose Justification ON, Temporary Auth ON, my email address as Approver
  • I want to use this feature because occasionally I have WP developers helping me w/web site that need occasional access
  1. CORS: Bypass options request OFF, Access Control Allow Credentials OFF
    12 Access Control Allow Origin, Methods, and Headers CHECKED
  2. Cookie Settings ALL OFF, Same Site Attribute LAX
  3. Addl Settings: Enable Auto Cloudflare Authentication OFF, Browser Rendering DISABLED

In testing from a generic dynamic IP (my phone on 5G), I get to the WP-Admin page as if nothing happened.

I’m scratching my head. Any ideas? Its gotta be something simple Im missing.

Still messing around with this and cant get it to work. The Zero Trust email one-time-pin poster never shows on WP-Admin. Hmmmmm, Any ideas? Do I have a setting wrong somewhere?

Im at my wit’s end with this. I have done absolutely everything the instructions say to do, have configured things 5-6 times, and the Cloudflare Access just refuses to run and display on the wp-admin page I am trying to protect. I only wish I was having email issues like others because at least they are getting the Access to show up to begin with.

I cant believe Im the only one unable to get this application to work – at all. Its as if nothing I do has any affect on anything. Ive watched a half dozen “how-to” videos. Im out of ideas. Ive been around computers, servers, and IT for 30 years so Im not a blind novice at technical stuff. Help.