Protect your WP sites for free with Cloudflare

Blocking hackers is a big pain
in the ass for WordPress sites. Why? Because WordPress is one of the most
famous CMS platforms in the world. And for that reason,
when a hacker wants to hack a site, the probabilities of it being
a WordPress site are really high. And for that reason,
they try to hack WordPress sites. So if you're on a WordPress site,
you want to prevent this. And for that, I'm going to show you
a way to prevent this using CloudFlare. And CloudFlare, I mean the free version. So you don't have to pay anything,
but you're going to be able to block hackers from even reaching
your hosting provider. So it's well worth using this. Now, before we jump into the actual rules and how this actually works,
I want to show you my sponsor, which is Hostinger,
which I have several sites here. And if you want to grab a hosting or plan for your hosting, go ahead
and go jump into hosting. And there's two really main products that I think that you should grab,
which is web hosting, which is your shared hosting,
and BPS hosting, which is what I use.

If you grab a BPS hosting, you have several plans available
depending on your needs. And if you want to grab one of these,
for example, the most popular one, which is 7.99 a month,
go ahead and add it to cart. And once you've added to cart,
you have two options. You can select one month for 18.99,
which is not such a great deal. But if you want to grab the 7.99 plan,
grab the 12 months in advance. Plus, the renewal price is much better. But there's an extra discount coupon
code that I want to show you. For example, it's $95.88, but if you have a coupon like the one I
have here in the type in SaaS Master, apply it, and now it's going
to be $86.29 for the year. And this is a BPS
with really great limits. So grab that. Now let's jump over to CloudFlux
for the actual setup. Now for my particular site, which is the
WordPress site, I have several of these. But if I go to a login page,
for example, this is my WordPress site, but if I want to jump into a login page,
let me go ahead and type it in.

Let's go to it. Here we go. Boom, it's been blocked. Even I don't have access to it
because that's the way I set it up. Unless I white-label my IP address,
which I'll show you in a bit. Let's jump over to the rules. This is my particular site
inside of CloudFlare. And even if you are on a hosting or plan, hosting panel, you can still use
CloudFlare as your DNS provider. This way you're preventing hackers
from even reaching your hosting plan. Right now, in the last 30 days,
there's been, this is the traffic security, there's been
4,3007 deep blocks in 30 days. Top country that I've been trying
to get hacked from is USA. Top threat type, a bad browser. There's a threat country. Here you can see threats and you
can see the more information there. But to set this up, jump over to the security tab here
and you give you the events.

Now, if you haven't set up the WAF rules, which I'm going to show you right now,
you won't see events, okay? These events means that it's
been people, it's been blocking. For example, someone from India tried to reach this particular section
of my website, which they have no business in that section of my website,
so it's been automatically blocked. Someone who's surfing on a website
is not going to those extensions. That's someone who wants
to hack your site. So to block these people, go into WAV, and this is where we're going
to set up our firewall rules. Now on the free plan, you get up to five
rules, and it's more than enough. Now the first rule is
dedicated to WordPress. Let me click on this rule. And this rule, what it's doing is if
someone is going to this URL path and if it contains this in the URL,
it is going to get blocked. This is the action. If this happens,
this is going to be the action. In this case, I can block. I could do a managed challenge, a JS challenge, skip,
or interactive challenge.

The most popular ones is
blocked and managed challenge. Managed challenge is when you jump into the site and you see a CloudFair page
before you actually jump into the site, it's just trying to prevent if it's
someone potentially known as a hacker or someone who's suspicious,
they will get the CloudFair screen and they'll have to say,
I'm not a robot, or they'll get blocked. But in this case, I'm doing a hard block.
Why? Because even myself,
I want to block myself. And if I want to reach the site,
I'll whitelist my IP address. So what's happening there? The URL path that contains wp-admin,
it's getting blocked automatically. And if there are going to wp-login. Php, if they're going to the xml-rpc. Php, they are getting blocked. If they're going to these sections,
they are getting blocked. Now, if you have a different login page,
because that does happen when you're using the plugin or you just changed the login
page, so this is the one by default, but if you change it to something else,
you can go ahead and add it also.

I would still recommend that you add this page even if you have
a different login page. Why?
Because hackers are still going to get blocked and it's not even going
to load a 404 page on your site. Cloud4 is going to do the job for you. What I'm going to do is add or. If this or this or this or
this is going to block, okay? The next one is going to be a URL path. Here it is. I could use equals, Contains. So in my case, I use Contains because it's
more broader, instead of being precise. I'm going to do Contains and I'm going to say, Login is the other
page that I've created. And again, I want to block hackers
from reaching that section. So they don't even try to hack or try
to use fake passwords or anything like that to hack my site because they are
going to get blocked from this section.

Now, if I want to use a precise one,
it'll be like this. So it has to be like this,
and I'll add that one. Let's go ahead and save it,
and it's been blocked. Let me go into my site. Let me go into the main page. Here's the main page. I'm going to go to the
path that says Login. Blocked.
Even if that is not a real login page or anything like that,
it's still going to block it.

But what if I type in something else
from the end of that? Let's go to paste, and it just goes
to another section of my site. Imagine that someone is trying to hack your site and they try to go to the admin
login section of your site, it'll do this. So it's going to load your
site even if it's a hacker. That's why I recommend that you still add
the other rules from other pages that might be prone to be
used as a login page.

Now there's more rules. Let's go into WAF, and here we go. I've also added a threat score. That means that if someone is detected by CloudFlare as being threatening
over 40 because it's a threat score greater than 40, it's going
to do a manage challenge. They still have a chance to view my site,
but they'll go through the CloudFlare screen and they'll have to go through
the process of accepting or puzzle or something like that
to actually view my site.

And what happens with this? With a managed score,
with a managed challenge? With a managed challenge,
you get the challenge solved rate. So in this case, for this particular one,
there's been 20 of these viewers that try to go to my site
and they didn't solve anything. So that means zero %. Issues solved. So that means that if someone really wanted to go to your site,
if it was a real user, they would go through the process of the
CloudFlare screen, which is super simple. And that's what happens
with the threat score.

Now, I've also created the HTTP version. So bots are prone to use 1.0 HTTP. So in this case,
I'm doing a managed challenge. And as you can see,
20 of these users have been blocked. And this is in the… I think it's the last 24 hours. So in the last 24 hours,
this is what's been happening. And I've also added block
suspicious query parameters. Sometimes I enable it and disable it
because some plugins will try to reach these types of sections,
and that's why I enable these. But go ahead and copy this WordPress rules
if you want to prevent hackers from reaching your site
and add more if you need them. If you know that there's other sections
of your site that you know that need protection, go ahead
and add them right here. Those are the ones that I recommend to
prevent hackers from reaching your site. So just like you see right here, someone from the United States
with a customer try to reach wp-login. Php. Like I said, they have no reason
to be there because that wasn't me. And that means that they
want to hack my site.

So set up those rules. And don't forget that there's an extra discount coupon code on Hostinger
if you want to grab the plan. Remember, short hosting
and BPS are really great. Also, if you want to grab the cloud hosting and tighten business,
if you're going to do a lot of sending emails for email marketing,
I do recommend that one also. And don't forget to use my coupon code
that's available in the description. And that's a wrap for the WordPress rules to prevent hackers
from reaching your site..

As found on YouTube

Get Your Resources Here:

You May Also Like