Add a Cloudflare WAF Rule to Block Access To the WordPress Admin Area For All Countries Except One.

Hello, fellow SysAdmin,

In this post, I will create a Cloudflare WAF (Web Application Firewall) rule that blocks access to the WordPress Admin Area (wp-admin) for all countries except one.

First, login Cloudflare dashboard, and then go to Security -> DNS menu.

https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin0.jpg — Cloudflare WAF

On Security - Firewall rules WAF (Web Application Firewall), create a Firewall Rule like this :

https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin.jpg — Create a similar Cloudflare WAF rule like this one

Rule name: block multiple country from access wp-admin
When incoming requests match…
- Choose `Country` on Field, `is not in` on Operator, and `Any Country` on Value.
and then click And button
with Url Path contains /wp-admin

Expression Preview:

(not ip.geoip.country in {"ID"} and http.request.uri.path contains "/wp-admin")

Then choose Block. and click Save.

This rule will instruct Cloudflare to block access to Wordpress wp-admin from All countries except Indonesia.

You may create a similar WAF rule to protect your wp-admin, or if you have a dedicated IP Address (Using a VPN), you can whitelist an IP Address that only permits access to Wordpress wp-admin.

httpstatus.io results :

https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin3.jpg

Httpstatus.io can't fetch wp-admin because they check the pages using outside Indonesian IP Addresses.

https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin2.jpg — The Cloudflare blocking Wordpress Admin

Anyway, thanks for reading!

Regards,

-Average SysAdmin

Add a Cloudflare WAF Rule to Block Access To the WordPress Admin Area For All Countries Except One.

Ariq Naufal

Topics