Cloudflare, Inc. is an American content delivery network and DDoS mitigation company, founded in 2010. It primarily acts as a reverse proxy between a website’s visitor and the Cloudflare customer’s hosting provider. Its headquarters are in San Francisco, California.
Cloudflare offers an excellent (and easy) way to lock down and secure various endpoints on your WordPress websites, as well as offering a simple one-click DDOS protection measure should you ever come under a serious attack. In this blog post, we’ll take a look at a variety of different rules you could employ. Cloudflare’s free plan comes with the ability to add 5 rules, so you can choose the ones that will best complement your existing server and application-level security setup. These rules fall under 4 categories: Locking down endpoints, preventing spam, blocking bad bots, and country/continent-based blocking.
How to Create a Firewall Rule
Creating Cloudflare firewall rules is quick and easy. Inside your Cloudflare account choose your website and then click through to the Security > WAF page. Here click the Create a Firewall Rule button.
Country or Continent Blocking
If your website isn’t serving a global audience, then country/continent blocking can be a handy tool to block a ton of malicious traffic without needing to worry about blocking legitimate visitors who are your website’s target audience. Not expecting any visitors from outside of your own country? You can block them (though do note that our/your hosting support team may also be blocked if/when you need assistance).
Navigate to the Security > WAF page, and click the Create Firewall Rule button.
First, give your rule an easy to identify name.
If you want to only allow specific countries, set the following:
Field: Country or Continent
Operator: “Is in”
Value: Choose your countries/continents
If you’re only allowing traffic from one country you can instead choose “equals” as the operator.
If you instead want to block specific countries, set the following:
Field: Country or Continent
Operator: “Is not in”
Value: Choose your countries/continents
