Hello, fellow SysAdmin,
In this post, I will create a Cloudflare WAF (Web Application Firewall) rule that blocks access to the WordPress Admin Area (wp-admin) for all countries except one.
First, log in to the Cloudflare dashboard, and then go to Security -> DNS menu.
![https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin0.jpg](https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin0.jpg)
On Security - Firewall rules WAF (Web Application Firewall), create a Firewall Rule like this:
![https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin.jpg](https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin.jpg)
- Rule name: block multiple country from access wp-admin
- When incoming requests match…
  - Choose `Country` on Field, `is not in` on Operator, and `Any Country` on Value.
  - Then click the And button.
  - Add a second condition with `URL Path` on Field, `contains` on Operator, and `/wp-admin` on Value.
Expression Preview:

```
(not ip.geoip.country in {"ID"} and http.request.uri.path contains "/wp-admin")
```
Then choose Block and click Save.
This rule instructs Cloudflare to block access to WordPress wp-admin from all countries except Indonesia.
You may create a similar WAF rule to protect your wp-admin, or, if you have a dedicated IP address (using a VPN), you can whitelist that IP address so that only it is permitted to access WordPress wp-admin.
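To see which requests the expression above actually matches before saving it, here is an added example (not code from this post or from Cloudflare) that models the country rule and the IP-allowlist variant locally. The `Request` class, the helper names, the sample requests, the documentation-range IP addresses and the `ip.src` form of the allowlist expression are assumptions made for illustration.

```python
# Added example: a local model of the rule logic, not Cloudflare's rule engine.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass
class Request:
    country: str                 # stands in for ip.geoip.country
    path: str                    # stands in for http.request.uri.path
    src: str = "198.51.100.7"    # stands in for ip.src (constructed address)


def country_rule(req, allowed=frozenset({"ID"}), needle="/wp-admin"):
    # (not ip.geoip.country in {"ID"} and http.request.uri.path contains "/wp-admin")
    return req.country not in allowed and needle in req.path


def ip_rule(req, allowed_nets=("203.0.113.10/32",), needle="/wp-admin"):
    # Assumed allowlist variant:
    # (not ip.src in {203.0.113.10} and http.request.uri.path contains "/wp-admin")
    inside = any(ip_address(req.src) in ip_network(n) for n in allowed_nets)
    return not inside and needle in req.path


def action(req, rule=country_rule):
    """Return the action taken when the rule's action is Block."""
    return "block" if rule(req) else "pass"


# Constructed sample requests covering the cases worth checking.
SAMPLES = [
    Request("ID", "/wp-admin/"),                # allowed country, admin area
    Request("US", "/wp-admin/"),                # other country, admin area
    Request("US", "/"),                         # other country, public page
    Request("US", "/wp-admin/admin-ajax.php"),  # front-end AJAX endpoint
    Request("US", "/wp-login.php"),             # login page, outside /wp-admin
]


def report(rule=country_rule):
    return [(r.country, r.path, action(r, rule)) for r in SAMPLES]


if __name__ == "__main__":
    for country, path, result in report():
        print(f"{country:2}  {path:28} {result}")
```

The output shows two things to decide on: `/wp-admin/admin-ajax.php` is blocked for visitors outside the allowed country, which affects themes or plugins that call it from public pages, and `/wp-login.php` is not matched by `contains "/wp-admin"`, so it needs its own condition if it should be covered too.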
httpstatus.io results:
![https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin3.jpg](https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin3.jpg)
Httpstatus.io can't fetch wp-admin because it checks the pages from IP addresses outside Indonesia.
![https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin2.jpg](https://ns1.my.id/unggah/2022/12/cloudflare-block-wpadmin2.jpg)
Anyway, thanks for reading!
Regards,
-Average SysAdmin