Let me show you How To Setup WordPress Website On Cloudflare (DDoS Protected).

I will share my own personal settings on all my websites with Cloudflare, showing how to setup DDOS protected website with Cloudflare (this also hides the IP of your web server adding that extra level of security) then we will also adjust the most important settings in Cloudflare to ensure your website is optimized for speed and security.

Below are the codes for the firewall rules settings:

When you go over to firewall rules settings, just add these rules and copy-paste each detail. I will discuss in a different video why I am using all settings I have shown in the above video. It just happened that when I recorded the video, my mic was not plugged-in properly, so my mistake, and I was lazy to explain further when editing the video, so sorry! 😀

1. For WP Security (with JS Challenge)

Rule Name: WP Security

Expression Preview (Edit Expression to add code):

((http.request.uri.path contains “/xmlrpc.php”) or (http.request.uri.path contains “/wp-login.php”) or (http.request.uri.path contains “/wp-admin/” and not http.request.uri.path contains “/wp-admin/admin-ajax.php” and not http.request.uri.path contains ” /wp-admin/theme-editor.php”)) and ip.geoip.country ne “US”

Action: JS Challenge

IMPORTANT: Just do know that for this code (and ip.geoip.country ne “US”), the PH represents to your country or location. So you need to use your own for that section. It means the ACTION will not take place to your country.

2. For Blocking Bad bots

Rule Name: Block bad bots

Expression Preview (Edit Expression to add code):

(http.user_agent contains “Yandex”) or (http.user_agent contains “muckrack”) or (http.user_agent contains “Qwantify”) or (http.user_agent contains “Sogou”) or (http.user_agent contains “BUbiNG”) or (http.user_agent contains “knowledge”) or (http.user_agent contains “CFNetwork”) or (http.user_agent contains “Scrapy”) or (http.user_agent contains “SemrushBot”) or (http.user_agent contains “AhrefsBot”) or (http.user_agent contains “Baiduspider”) or (http.user_agent contains “python-requests”) or (http.user_agent contains “crawl” and not cf.client.bot) or (http.user_agent contains “Crawl” and not cf.client.bot) or (http.user_agent contains “bot” and not http.user_agent contains “bingbot” and not http.user_agent contains “Google” and not http.user_agent contains “Twitter” and not cf.client.bot) or (http.user_agent contains “Bot” and not http.user_agent contains “Google” and not cf.client.bot) or (http.user_agent contains “Spider” and not cf.client.bot) or (http.user_agent contains “spider” and not cf.client.bot)

Action: Block

If you have any questions, leave a comment down below or submit a post on our community forums.

Until next time, ciao!