Secure Your WordPress Site with Cloudflare

Want to safeguard your WordPress site from unwanted visitors? Cloudflare has your back! This handy tool offers a built-in Web Application Firewall (WAF) that can keep your site safe and sound.

To keep your WordPress site safe… is by blocking wp-login.php to all outsiders. I would highly advise creating a rule and manually adding all users IP adresses. I know, is can be a pain as the non tech person would understand fully what is IP Addresses and how they work. But our ISP can change their IP address at anything time. Or you work in a big organisation, I would whitelist company’s IP address and recommend all users to VPN to works network if they needs access to WordPress site.

To do this Login to Cloudflare and go to Security > WAF (Web Application Firewall).

Here is how you create a rule.

What we doing above is whitelist a list of IP addresses and allow access to WordPress Login page.

Step 1: Block wp-login.php for everyone except trusted users

  • Navigate to Cloudflare’s Security section and locate the WAF feature.
  • This feature allows you to configure rules for blocking unauthorized access to specific files like wp-login.php.

Step 2: Create a rule to whitelist authorized IP addresses

  • Manually enter each authorized user’s IP address in the rule.
  • Keep in mind that IP addresses can change, so this might require updating the rule over time.

Why whitelist IP addresses?

  • This ensures only trusted users with known IP addresses can access the login page.
  • It effectively eliminates anyone not on the list from accessing wp-login.php.


  • Whitelisting IP addresses might not be suitable for all scenarios.
  • Consider implementing additional security measures like strong passwords and two-factor authentication.


Tips and tricks

Comments are closed