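Overview
The Block Logins with Cloudflare plugin stops brute-force attacks through the Cloudflare firewall: once the number of failed logins reaches the configured value, it blocks that IP address, improving site security.
[Main features]
• Block IP addresses based on the number of failed logins
• Block IP addresses that generate too many 404 responses
• Block IP addresses attacking via XML-RPC, using intelligent detection
• Automatically unblock after a configured time
• IP whitelist support, so specific IPs are never blocked
• View and manually unblock blocked IP addresses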
Original plugin description
Block Logins with Cloudflare helps protect your WordPress site from brute-force attacks by blocking IPs at the Cloudflare firewall after a configurable number of failed login attempts.
• Block IPs via Cloudflare after X failed login attempts
• Block IPs that generate excessive 404 responses (bots and scanners)
• Block IPs attacking via XML-RPC with intelligent detection
• Automatic unblocking after a configurable duration
• Whitelist IPs to never block or track them (supports IPv6 CIDR ranges)
• View and manually unblock blocked IPs from the admin
• Block source tracking — see whether each IP was blocked via login, XML-RPC, or 404
• Sync existing Cloudflare blocks into the local blocked IPs list
• Secure settings page with Cloudflare API token validation
• Hourly cron job for automatic maintenance
External Services
This plugin relies on the Cloudflare API to function. It communicates with Cloudflare’s external servers to block IP addresses at the firewall level.
What is the Cloudflare API and what is it used for?
The Cloudflare API is a RESTful service provided by Cloudflare, Inc. that allows programmatic management of Cloudflare firewall rules. This plugin uses it to automatically block and unblock IP addresses based on failed login attempts, XML-RPC attacks, and 404 scanning activity.
What data is sent and when?
The plugin sends the following data to Cloudflare’s API servers:

During settings validation (when you save Cloudflare credentials):
• Your Cloudflare API token (for verification)
• Endpoint: https://api.cloudflare.com/client/v4/user/tokens/verify

When blocking an IP (after a threshold is reached):
• The IP address to be blocked
• Your Cloudflare email address and API key/token
• Your Cloudflare Zone ID
• A note describing the reason for the block
• Endpoint: https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/access_rules/rules

When syncing from Cloudflare (on demand):
• Fetches existing firewall rules from your Cloudflare zone
• Endpoint: https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/access_rules/rules
No personally identifiable information about your WordPress users is transmitted. Only IP addresses are sent to Cloudflare.
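The threshold, whitelist and block request described above can be sketched as follows. This is an added example, not the plugin's own code: the `LoginGuard` class, the sliding time window, the default values and the note text are assumptions, and the request body follows Cloudflare's IP Access Rules format (`mode`, `configuration`, `notes`).

```python
import ipaddress
import time
from collections import defaultdict, deque

# Endpoint as listed on this page; the zone ID is supplied by the caller.
API = "https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/access_rules/rules"

class LoginGuard:
    """Hypothetical failure tracker: whitelist check, threshold, block request."""

    def __init__(self, zone_id, threshold=5, window=600, allowlist=()):
        self.zone_id = zone_id
        self.threshold = threshold      # failures needed before blocking
        self.window = window            # seconds a failure stays counted (assumed)
        # Accepts single addresses and IPv4/IPv6 CIDR ranges.
        self.allow = [ipaddress.ip_network(n, strict=False) for n in allowlist]
        self.failures = defaultdict(deque)
        self.blocked = {}               # ip -> source ("login", "xmlrpc", "404")

    def record_failure(self, ip, source="login", now=None):
        """Return the block request to send once the threshold is hit, else None."""
        now = time.time() if now is None else now
        addr = ipaddress.ip_address(ip)  # ValueError on malformed input
        ip = str(addr)                   # canonical form, so aliases share a counter
        # Whitelisted addresses are neither tracked nor blocked.
        if any(addr in net for net in self.allow) or ip in self.blocked:
            return None
        hits = self.failures[ip]
        hits.append(now)
        while hits and hits[0] <= now - self.window:
            hits.popleft()               # drop failures older than the window
        if len(hits) < self.threshold:
            return None
        self.blocked[ip] = source
        del self.failures[ip]
        # The sender adds the API credentials; they are kept out of this dict
        # so the request can be logged without exposing the token.
        return {
            "method": "POST",
            "url": API.format(zone_id=self.zone_id),
            "json": {
                "mode": "block",
                "configuration": {"target": "ip6" if addr.version == 6 else "ip",
                                  "value": ip},
                "notes": f"Blocked after {self.threshold} failed {source} attempts",
            },
        }
```
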
Service provider information:
– Service: Cloudflare API
– Provider: Cloudflare, Inc.
– Terms of Service: https://www.cloudflare.com/terms/
– Privacy Policy: https://www.cloudflare.com/privacypolicy/
– API Documentation: https://developers.cloudflare.com/api/
Required for functionality:
This plugin requires a Cloudflare account and will not function without valid Cloudflare API credentials. The external API calls are essential to the plugin’s core functionality.
License
GNU General Public License v2 or later
