plugin-icon

Block Logins with Cloudflare

제작자: supersoju·
Block brute-force login attempts by integrating with Cloudflare's firewall to automatically block IPs after failed logins.
Brute Force
cloudflare
firewall
평가
상품평 추가하기
버전
1.2
최근 업데이트일
Apr 17, 2026

Block Logins with Cloudflare helps protect your WordPress site from brute-force attacks by blocking IPs at the Cloudflare firewall after a configurable number of failed login attempts.

  • Block IPs via Cloudflare after X failed login attempts
  • Block IPs that generate excessive 404 responses (bots and scanners)
  • Block IPs attacking via XML-RPC with intelligent detection
  • Automatic unblocking after a configurable duration
  • Whitelist IPs to never block or track them (supports IPv6 CIDR ranges)
  • View and manually unblock blocked IPs from the admin
  • Block source tracking — see whether each IP was blocked via login, XML-RPC, or 404
  • Secure settings page with Cloudflare API token validation
  • Hourly cron job for automatic maintenance

External Services

This plugin relies on the Cloudflare API to function. It communicates with Cloudflare’s external servers to block IP addresses at the firewall level.

What is the Cloudflare API and what is it used for? The Cloudflare API is a RESTful service provided by Cloudflare, Inc. that allows programmatic management of Cloudflare firewall rules. This plugin uses it to automatically block and unblock IP addresses based on failed login attempts, XML-RPC attacks, and 404 scanning activity.

What data is sent and when? The plugin sends the following data to Cloudflare’s API servers:

  1. During settings validation (when you save Cloudflare credentials):

    • Your Cloudflare API token (for verification)
    • Endpoint: https://api.cloudflare.com/client/v4/user/tokens/verify

  2. When blocking an IP (after a threshold is reached):

    • The IP address to be blocked
    • Your Cloudflare email address and API key/token
    • Your Cloudflare Zone ID
    • A note describing the reason for the block
    • Endpoint: https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/access_rules/rules

No personally identifiable information about your WordPress users is transmitted. Only IP addresses are sent to Cloudflare.

Service provider information: – Service: Cloudflare API – Provider: Cloudflare, Inc. – Terms of Service: https://www.cloudflare.com/terms/ – Privacy Policy: https://www.cloudflare.com/privacypolicy/ – API Documentation: https://developers.cloudflare.com/api/

Required for functionality: This plugin requires a Cloudflare account and will not function without valid Cloudflare API credentials. The external API calls are essential to the plugin’s core functionality.

License

GNU General Public License v2 or later

무료유료 요금제에서
시작하기
설치하면 WordPress.com 서비스 약관서드파티 플러그인 약관에 동의하게 됩니다.
테스트된 버전
WordPress 7.0
이 플러그인은 다운로드할 수 있으며 에서 사용할 수 있습니다.
다운로드