How to Enhance WordPress Security with Custom Cloudflare Firewall Rules
Рет қаралды 1,743
Күн бұрын
@markatgraf1x 2 ай бұрын
I’ve been meaning to implement Troy’s rules since he published them, so this is an awesome walk through thanks! Wouldn’t it be great if Cloudflare allowed you to add this once, then have it apply to all sites on your account!
@Permaslug 2 ай бұрын
I very much wish that was possible lol
@SadaqatGhafoor 2 ай бұрын
This is a life saver for my web application...thanks
@visualmodo 2 ай бұрын
Truly good work!!!
@marks3819 19 күн бұрын
Amazing! Just a big job for someone who already has hundreds of sites in several accounts... How to work? Creating an application to apply this to all sites via API?
@AnilAgrawal 2 ай бұрын
Awesome video. Thank you! LIKE'd and subscribed.
@elyassssadeghi4255 Ай бұрын
thanks man❤
@johnnycakez2750 2 ай бұрын
Jonathan, do you use any wp specific security plugins or just cloudflare/server rules?
@LevyCarneiro 2 ай бұрын
Following.
@Permaslug 2 ай бұрын
I don’t, I just use my hosts security and a trusted suite of plugins across all my sites
@kenbaker7412 2 ай бұрын
Great resource! One question... in the Security > Bots section, there is a "Bot Fight Mode" . Will this conflict with any of the WAF custom rules that were shown in the video?
@Permaslug 2 ай бұрын
Good question! Might be worth reaching out to Troy about that
@troyg2986 19 күн бұрын
There won't be any conflict but sometimes bot mode ignore your waitlist to allow some services. They have improved how it works but this is also why I check the box under the allow rule to bypass it.
@grizfan93 2 ай бұрын
Thanks! very helpful video. I use Cloudways with Vulture and DO servers, would the last rule cause any issues or block Cloudways support from accessing for support purposes? Thanks!
@Permaslug 2 ай бұрын
Not as far as I’m aware!
@huntrolly2190 2 ай бұрын
Thank you.
@DenisMcCaul 19 күн бұрын
Hi Jonathan, I use Mouseflow website user recording (like Hotjar) on my websites. Will any of these rules stop that from working?
@avir2383 26 күн бұрын
This is incredible! One question, how would this work if you are using multiple CDN. For instance you point your website to cloudflare DNS which also enables their CDN, but your hosting provides another CDN as well - which allows you a multi CDN setup. How would these rules work in that case? specifically where you mention "nobody needs access to your wp_content folder"
@troyg2986 19 күн бұрын
You can use Cloudflare with other CDNs, but I feel it's a waste. I used to pay for a CDN, but now I only use Cloudflare. Even if you disabled all the performance settings with Cloudflare you can still use it as a firewall system to protect your site.
@shirkhan7293 Ай бұрын
Hi! Thanks for the great content. Isn´t it better to block /wp-admin/ entirely and only whitelist your IP? Or are the challenge rules enough?
@troyg2986 19 күн бұрын
You can as long as you're in the same location. I just had issues in the past where I needed to do something on my cell phone, but I can't because it's a different IP. You can also set up Cloudflare access if you want additional two-step authentication.
@dhetherington 2 ай бұрын
I have 20 websites, is there an easy way to add these rules to multiple sites?
@peterwise Ай бұрын
There's no way to do instantly copy all rules between sites in the web interface. You could write a custom script that uses the API for this. But if you want to do it only online you need to setup each site individually. You can save a lot of time by going into "expression" mode and copy and pasting that instead of recreating the long details of each rule in the dropdown/and/or GUI interface.
Jonathan Jernigan
Рет қаралды 314
SaasTuto SaaS & WP vids
Рет қаралды 23 М.