Add a Cloudflare WAF Rule to Block Access To the WordPress Admin Area For All Countries Except One.
Hello, fellow SysAdmin,
In this post, I will create a Cloudflare WAF (Web Application Firewall) rule that blocks access to the WordPress Admin Area (wp-admin) for all countries except one.
First, login Cloudflare dashboard, and then go to Security -> DNS menu.
On Security - Firewall rules WAF (Web Application Firewall), create a Firewall Rule like this :
- Rule name: block multiple country from access wp-admin
- When incoming requests match…
- - Choose `Country` on Field, `is not in` on Operator, and `Any Country` on Value.
- and then click And button
- with
Url Path
contains/wp-admin
Expression Preview:
(not ip.geoip.country in {"ID"} and http.request.uri.path contains "/wp-admin")
Then choose Block. and click Save.
This rule will instruct Cloudflare to block access to Wordpress wp-admin from All countries except Indonesia.
You may create a similar WAF rule to protect your wp-admin, or if you have a dedicated IP Address (Using a VPN), you can whitelist an IP Address that only permits access to Wordpress wp-admin.
httpstatus.io results :
Httpstatus.io can't fetch wp-admin because they check the pages using outside Indonesian IP Addresses.
Anyway, thanks for reading!
Regards,
-Average SysAdmin