Add a Cloudflare WAF Rule to Block Access To the WordPress Admin Area For All Countries Except One.

Hello, fellow SysAdmin,

In this post, I will create a Cloudflare WAF (Web Application Firewall) rule that blocks access to the WordPress Admin Area (wp-admin) for all countries except one.

First, login Cloudflare dashboard, and then go to Security -> DNS menu.

Cloudflare WAF

On Security - Firewall rules WAF (Web Application Firewall), create a Firewall Rule like this :

Create a similar Cloudflare WAF rule like this one
  • Rule name: block multiple country from access wp-admin
  • When incoming requests match…
  • - Choose `Country` on Field, `is not in` on Operator, and `Any Country` on Value.
  • and then click And button
  • with Url Path contains /wp-admin

Expression Preview:

(not ip.geoip.country in {"ID"} and http.request.uri.path contains "/wp-admin")

Then choose Block. and click Save.


This rule will instruct Cloudflare to block access to Wordpress wp-admin from All countries except Indonesia.

You may create a similar WAF rule to protect your wp-admin, or if you have a dedicated IP Address (Using a VPN), you can whitelist an IP Address that only permits access to Wordpress wp-admin.

httpstatus.io results :

Httpstatus.io can't fetch wp-admin because they check the pages using outside Indonesian IP Addresses.

The Cloudflare blocking Wordpress Admin

Anyway, thanks for reading!

Regards,

-Average SysAdmin