Rule 1: Allow Good Bots | Rule 2: Block Potentially Malicious Requests | Rule 3: Block Bad Bots | Rule 4: JS Challenge
In some cases I want to keep bots off a page, but I don’t want to block or unduly inconvenience humans. A JavaScript challenge will display an interstitial page for about five seconds while Cloudflare performs a magical check to verify the visitor is human. Suspected bots will be served a Captcha.
Read more Cloudflare Firewall Rules for WordPress: JS Challenge
Rule 1: Allow Good Bots | Rule 2: Block Potentially Malicious Requests | Rule 3: Block Bad Bots | Rule 4: JS Challenge
Good bots are whitelisted by Rule 1. Some bad bots will be blocked by Rule 2. I’d like Rule 3 to block *all* remaining bots, but that isn’t possible as far as I know. I’ll block as many as I can.
Read more Cloudflare Firewall Rules for WordPress: Block Bad Bots
Rule 1: Allow Good Bots | Rule 2: Block Potentially Malicious Requests | Rule 3: Block Bad Bots | Rule 4: JS Challenge
The order of the next three rules is less important. It makes a difference in terms of logging – if a bot is blocked by rule 2 it won’t be logged by rule 3 – but not in effectiveness. Rule 2 blocks potentially malicious requests, whether they originate from bad bots or humans. This is a long rule set, so I’ll break it down.
I want to block …
Read more Cloudflare Firewall Rules for WordPress: Block Potentially Malicious Requests
I don’t find much information on the interwebs about free-tier Cloudflare firewalls rules optimized specifically for WordPress security. So, I’ve been slowly building and tweaking my own. As of today I have four rules …
Read more Cloudflare Firewall Rules for WordPress: Allow Good Bots
