Last active October 14, 2024 18:34
Cloudflare Custom Rules for WordPress
These are settings that I like to use for WordPress sites to mitigate common malicious traffic. This traffic generally gets around the Cloudflare WAF, so these are good supplemental rules to add.
To create them, go to Security -> WAF, click the 'Custom Rules' tab and then click 'Create Rule'.
___
# Title
Challenge all PHP page requests that aren't wp-admin or wp-login
## Conditions
• URI Full ends with php AND
• URI Full does not contain wp-admin AND
• URI Full does not contain wp-login
## Then take action...
Managed Challenge
___
# Title
Block xmlrpc.php requests
## Conditions
• URI Full ends with xmlrpc.php
## Then take action...
Block
___
# Title
Challenge all non-US traffic
## Conditions
• Country does not equal United States
## Then take action...
Managed Challenge
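
The three rules above modelled in Python, as an added example that is not part of the original gist: it runs constructed sample requests through the rules to show how list order decides between Managed Challenge and Block for xmlrpc.php, and how matching on URI Full (which includes the query string) differs from matching on the path alone. The first-match evaluation model, the `path` variant, the rule names and all URLs are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed model of the three rules above, in the order the page lists them.
# Assumption: rules run top to bottom and the first match decides the action.
def rules(field):
    return [
        ("challenge-php", "managed_challenge",
         lambda r: r[field].endswith("php")
         and "wp-admin" not in r[field]
         and "wp-login" not in r[field]),
        ("block-xmlrpc", "block",
         lambda r: r[field].endswith("xmlrpc.php")),
        ("challenge-non-us", "managed_challenge",
         lambda r: r["country"] != "US"),
    ]

def evaluate(url, country, field="full", order=(0, 1, 2)):
    """Return (rule name, action) for one request.

    field="full" mirrors URI Full (scheme, host, path and query string);
    field="path" is a hypothetical variant matching on the path only.
    """
    req = {"full": url, "path": urlsplit(url).path, "country": country}
    table = rules(field)
    for i in order:
        name, action, matches = table[i]
        if matches(req):
            return name, action
    return None, "allow"

# Constructed sample requests (example.com is a placeholder host).
SAMPLES = [
    ("https://example.com/xmlrpc.php", "US"),
    ("https://example.com/index.php?page=2", "US"),
    ("https://example.com/wp-login.php", "US"),
    ("https://example.com/wp-login.php", "DE"),
]

def report():
    rows = []
    for url, country in SAMPLES:
        rows.append((url, country,
                     evaluate(url, country)[1],                    # as listed
                     evaluate(url, country, order=(1, 0, 2))[1],   # xmlrpc first
                     evaluate(url, country, field="path")[1]))     # path match
    return rows

if __name__ == "__main__":
    for row in report():
        print(*row, sep="  ")
```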