We have seen a few of our customers experience malicious bots making repeated efforts to break into their WordPress login page. There are a few issues that arise from this activity. Not only is it annoying but this can eventually crash your site by using up your server resources. It can also lead to your WordPress site getting hacked since that’s what the bots are trying to accomplish.
To prevent experiencing these issues, you can use Cloudflare‘s Firewall rule feature.
Let’s get started:
Assuming you have a Cloudflare account, log into your Cloudflare account.
Click on the Firewall icon
Click on the “+ Create Firewall rule” link on the upper right corner.
In the “When incoming requests match…” section select “URI” in the drop-down menu under Field. For the Operator field, select “Contains“. In the Value field, enter “/wp-login.php” as shown above.
In the “Then…” action select “Challenage (Captcha)“.
Now when someone goes to your wp-login.php page they will be met with a Captcha challenge they must enter first in order to log into your WordPress site.
The best part of using this firewall rule on your Cloudflare account is that it generally stops the bad guys from getting into your WordPress site. And, as a bonus, your server resources are also protected.