Cloudflare Firewall Rules for WordPress: Block Potentially Malicious Requests

Posted on May 30, 2020 by Kenny

Rule 1: Allow Good Bots | Rule 2: Block Potentially Malicious Requests | Rule 3: Block Bad Bots | Rule 4: JS Challenge

The order of the next three rules is less important. It makes a difference in terms of logging – if a bot is blocked by rule 2 it won’t be logged by rule 3 – but not in effectiveness. Rule 2 blocks potentially malicious requests, whether they originate from bad bots or humans. This is a long rule set, so I’ll break it down.

I want to block …

Cloudflare Firewall Rules for WordPress: Allow Good Bots

Posted on May 30, 2020 by Kenny

I don’t find much information on the interwebs about free-tier Cloudflare firewalls rules optimized specifically for WordPress security. So, I’ve been slowly building and tweaking my own. As of today I have four rules …

Cloudflare and the Incredible Magical Expanding IP Whitelist

Posted on March 5, 2020 by Kenny

Doing some routine firewall tinkering in Cloudflare, I happened to notice that my IP whitelist – which I have never deliberately added anything to – had grown huge. Apparently it had been growing slowly over the years, I just didn’t notice.

HSTS

Posted on February 23, 2020 by Kenny

Along with DNSSEC, HTTP Strict Transport Security (HSTS) is an important but under-implemented web security protocol. Unlike DNSSEC though, HSTS seems to finally be on its way, slowly but steadily, toward widespread implementation. HSTS is currently used by about 12.5% of all websites, and is supported by newer versions of major web browsers. Read more HSTS ›

DNSSEC – why is it so rarely used?

Posted on February 23, 2020 by Kenny

One of the many great reasons to use Cloudflare is its easy-breezy, user-friendly support for DNSSEC, even on the free tier. Read more DNSSEC – why is it so rarely used? ›

Cloudflare slopes get slippery

Posted on January 21, 2020 by Kenny

For many years since it’s founding in 2009, Cloudflare stood firm as a bastion of Internet freedom, refusing to police the content of the sites that use its services.

WP Security Approach: Maginot Line vs. Kursk

Posted on July 27, 2019 by Kenny

There are various approaches to WP security, but I’ll vastly oversimplify it into two: Maginot Line or Kursk. (1)

JavaScript Challenge Rule

Posted on June 29, 2019 by Kenny

In addition to my crazy long Cloudflare firewall “block” rule, I use a JavaScript challenge rule for pages that I want to restrict to human users, keeping out bots.

Crazy long, but free – Cloudflare firewall rule

Posted on June 15, 2019 by Kenny

On Cloudflare’s free tier I am allowed five firewall rules. This is very generous of Cloudflare, considering the free part. But it turns out to be much more generous than it first appears.

DDoS Protection

Posted on June 13, 2019 by Kenny

A distributed denial-of-service (DDoS) is a large-scale attack using multiple IP addresses, attempting to overwhelm a site with requests, crashing it or slowing it to a crawl. DDoS attacks vary in sophistication. The most sophisticated use thousands of IPs accessing multiple URLs with random query strings to bypass caching and increase the CPU load.

WordPress Plugins vs. Cloudflare Apps

Posted on February 8, 2019 by Kenny

Cloudflare Apps are a lot like WordPress plugins. Each App adds specific functionality to my website. Like plugins, Apps are available in multiple categories such as SEO, Security, Social & Communication, etc. Another similarity – some Apps are free, some are not.

Cloudflare as a Registrar, Part II

Posted on January 20, 2019 by Kenny

I received notification of early entry to the Cloudflare registrar service. I transferred a domain (this one) for a test drive. My initial impression … pretty awesome!

Coming Soon: Cloudflare as a Registrar

Posted on January 8, 2019 by Kenny

For awhile now, Cloudflare has been quietly advertising “coming-soon” no-added-fees registrar services for Cloudflare customers – even those like me on the free tier. According to the sales pitch, CF will charge exactly $0 for this service, adding no fee at all to the Wholesale Registry fee (currently $7.85 for dot com) + the $0.18 ICANN fee. So, CF will register a dot com domain for the bargain annual cost of $8.03.

Cloudflare Firewall Rules

Posted on December 16, 2018 by Kenny

Cloudflare announced the introduction of firewall rules on October 3, 2018. Surprisingly, five firewall rules are even provided on the free plan. By comparison the Pro plan provides 20 firewall rules. Unlike Page Rules, additional firewall rules can *not* be purchased. I get five, that’s it – but as we will see a single firewall rule can do a bunch of different stuff provided that the final action is the same. Pretty generous of CF, I think, seeing as I use only their free tier.

WP Contact Form Security

Posted on November 1, 2018 by Kenny

There are a couple of aspects to the security of my Contact Kenny page.

Cloudflare