You need this basic Cloudflare firewall configuration to protect your login page. Click Edit expression to paste the rules:

Basic and Important CloudFlare Firewall Configuration

Rule 1:

This rule shows a Captcha challenge for the URL “/wp-admin” (or whatever your path is) when the request comes from your country (ex: VN):

(http.request.uri.path eq "/wp-admin" and ip.geoip.country eq "VN")

Rule 2:

This rule blocks the request if it comes from another country (ex: not equal to VN):

(http.request.uri.path eq "/wp-admin" and ip.geoip.country ne "VN") or (http.request.uri.path eq "/wp-login.php" and ip.geoip.country ne "VN")

Click Use expression builder to customize your settings.
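Added example (not from the original post, and not Cloudflare's engine): a small Python model of the rule-language subset that Rule 1 and Rule 2 use, so the expressions can be dry-run against constructed requests before they are deployed. The `evaluate` and `decide` helpers and the rule order are assumptions of this sketch.

```python
import re
from collections import deque

# Modelled subset: eq/ne/contains/gt, and/or/not, parentheses; matching is case-sensitive.
TOKEN = r'\(|\)|"[^"]*"|[\w.]+'
OPS = {"eq": lambda a, b: a == b, "ne": lambda a, b: a != b,
       "gt": lambda a, b: a > b, "contains": lambda a, b: b in a}

def evaluate(expr, request):  # request: dict of field name -> value
    if re.sub(TOKEN, "", expr).strip():
        raise ValueError("expression uses syntax outside the modelled subset")
    toks = deque(re.findall(TOKEN, expr) + ["<end>"])
    def chain(word, operand, combine):  # left-associative: a and b and c
        val = operand()
        while toks[0] == word:
            toks.popleft()
            val = combine(val, operand())
        return val
    def unary():
        if toks[0] == "not":
            toks.popleft()
            return not unary()
        if toks[0] == "(":
            toks.popleft()
            val = or_expr()
            if toks.popleft() != ")":
                raise ValueError("missing ')'")
            return val
        field, op, lit = toks.popleft(), toks.popleft(), toks.popleft()
        return OPS[op](request[field], int(lit) if lit.isdigit() else lit.strip('"'))
    and_expr = lambda: chain("and", unary, lambda a, b: a and b)
    or_expr = lambda: chain("or", and_expr, lambda a, b: a or b)
    result = or_expr()
    if toks[0] != "<end>":
        raise ValueError("unexpected token " + toks[0])
    return result

RULES = [  # Rule 1 and Rule 2 from the post; checking them in list order is an assumption
    ("challenge", '(http.request.uri.path eq "/wp-admin" and ip.geoip.country eq "VN")'),
    ("block", '(http.request.uri.path eq "/wp-admin" and ip.geoip.country ne "VN") or (http.request.uri.path eq "/wp-login.php" and ip.geoip.country ne "VN")'),
]

def decide(path, country):
    request = {"http.request.uri.path": path, "ip.geoip.country": country}
    return next((action for action, expr in RULES if evaluate(expr, request)), "allow")

if __name__ == "__main__":  # constructed requests: (path, country)
    for path, cc in [("/wp-admin", "VN"), ("/wp-login.php", "VN"), ("/wp-login.php", "US")]:
        print(path, cc, "->", decide(path, cc))
```

Because `eq` is an exact match, the model reports that Rule 1 challenges only the literal path /wp-admin; a request from VN to /wp-login.php comes back as "allow", which is worth knowing before relying on the Captcha for the login form.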

Useful full configuration for a WordPress site

Block some paths by country

(ip.geoip.country ne "VN" and http.request.uri.path contains "/gio-hang") or (ip.geoip.country ne "VN" and http.request.full_uri contains "add-to-cart") or (ip.geoip.country ne "VN" and http.request.full_uri contains "add_to") or (ip.geoip.country ne "VN" and http.request.uri.path contains "admin") or (http.request.uri.path contains ".php" and not http.request.uri.path contains "/wp-admin/" and http.request.uri.path ne "/wp-login.php" and http.request.uri.path ne "/wp-comments-post.php") or (ip.geoip.country ne "VN" and http.request.method ne "GET") or (cf.threat_score gt 5 and ip.geoip.country ne "VN") or (cf.threat_score gt 5 and http.request.uri.path contains "_")

Block AI Crawler

(any(http.request.headers["user-agent"][*] contains "claude")) or (any(http.request.headers["user-agent"][*] contains "MJ12bot")) or (any(http.request.headers["user-agent"][*] contains "Ahrefs")) or (any(http.request.headers["user-agent"][*] contains "Semrush")) or (any(http.request.headers["user-agent"][*] contains "DotBot")) or (any(http.request.headers["user-agent"][*] contains "MauiBot")) or (any(http.request.headers["user-agent"][*] contains "AspiegelBot")) or (any(http.request.headers["user-agent"][*] contains "PetalBot")) or (any(http.request.headers["user-agent"][*] contains "SiteAuditBot")) or (any(http.request.headers["user-agent"][*] contains "SplitSignalBot"))

Which firewall rules do you need to configure?

You need to use both of the rules above to protect your login page. Also turn on the proxy in DNS (orange status) for your site.

You can see how many requests were made to that page in 24h, and the CSR (what percentage pass the Captcha).

Don’t get attacked by hack-bots!
