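Create a new firewall rule with the condition "URI Full contains wp-login" (as shown in the figure below); when the condition matches, the rule fires and the action taken is JS Challenge:
The practical effect is that any visit to wp-login.php triggers Cloudflare's "5-second shield". Your own visits are not affected, and the probing bots can forget about brute-forcing the login password: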
(http.request.full_uri contains "wp-login")
After wp-login.php, xmlrpc.php is the second most common attack target:
(cf.threat_score ge 2 and not cf.client.bot) or (http.request.uri contains "xmlrpc.php") or (http.request.uri contains "/wp-admin/") or (http.request.uri contains "wp-cron.php")
(ip.geoip.country eq "CN") or (http.request.uri contains "downloader") or (http.request.uri contains "vendor") or (http.request.uri contains ".tar") or (http.request.uri contains ".gz") or (http.request.uri contains ".zip") or (http.request.uri contains ".sql") or (cf.threat_score gt 50) or (http.request.uri contains ".asp") or (http.request.uri contains "well-known" and http.user_agent contains "Apache-HttpClient/4.5.2") or (http.user_agent contains "Go-http-client") or (http.user_agent contains "python-requests") or (http.user_agent contains "Ruby") or (http.user_agent contains "masscan") or (http.user_agent contains "Go http package") or (http.user_agent contains "rest-client") or (http.user_agent contains "Nuclei") or (ip.src eq 59.42.121.6) or (http.request.uri contains "wp-cron.php") or (http.request.uri contains "/wp-admin/admin-ajax.php")
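An added example, not part of the original page: a small Python evaluator for the `contains`/`ge`/`gt`/`not`/`and`/`or` subset of the rule language, used to dry-run the first two expressions above against sample requests before deploying them. The host example.com, the `sample` helper and the requests are constructed, and the evaluator is a sketch, not Cloudflare's engine.

```python
import re
# Rule expressions copied from the page; the requests built below are constructed.
LOGIN_RULE = '(http.request.full_uri contains "wp-login")'
WP_RULE = ('(cf.threat_score ge 2 and not cf.client.bot) or (http.request.uri contains "xmlrpc.php") '
           'or (http.request.uri contains "/wp-admin/") or (http.request.uri contains "wp-cron.php")')

def matches(expr, req):
    """Evaluate the contains/ge/gt/not/and/or subset of the rule language against req."""
    toks = re.findall(r'\(|\)|"[^"]*"|[^\s()"]+', expr) + [None]  # None marks the end
    pos = 0
    def take():
        nonlocal pos
        pos += 1
        return toks[pos - 1]
    def parse_chain(word, operand, combine):
        vals = [operand()]
        while toks[pos] == word:
            take()
            vals.append(operand())
        return combine(vals)
    parse_and = lambda: parse_chain("and", parse_unary, all)  # "and" binds tighter than "or"
    parse_or = lambda: parse_chain("or", parse_and, any)
    def parse_unary():
        if toks[pos] == "not":
            take()
            return not parse_unary()
        if toks[pos] == "(":
            take()
            val = parse_or()
            take()                        # closing ")"
            return val
        return parse_cmp()
    def parse_cmp():
        value = req.get(take())
        if toks[pos] not in ("contains", "ge", "gt"):
            return bool(value)            # bare boolean field such as cf.client.bot
        op, lit = take(), take().strip('"')
        if op == "contains":
            return lit in str(value or "")    # plain substring match, case-sensitive
        return int(value or 0) >= int(lit) if op == "ge" else int(value or 0) > int(lit)
    return parse_or()

def sample(path, score=0, bot=False):
    return {"http.request.uri": path, "http.request.full_uri": "https://example.com" + path,
            "cf.threat_score": score, "cf.client.bot": bot}

if __name__ == "__main__":
    for path in ("/wp-login.php", "/?s=wp-login+help", "/wp-admin/admin-ajax.php?action=load_more", "/"):
        print(path, matches(LOGIN_RULE, sample(path)), matches(WP_RULE, sample(path)))
```

The site-search URL `/?s=wp-login+help` matches the login rule and the front-end `admin-ajax.php` call matches the second rule, so ordinary visitors on those URLs are subject to the rules too.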
How to configure Cloudflare settings for WordPress
https://wpjian.com/tips/2020051532782.html