Back
Block Logins with Cloudflare

Block Logins with Cloudflare

By supersoju
Details
View on WordPress
Back

Block Logins with Cloudflare helps protect your WordPress site from brute-force attacks by blocking IPs at the Cloudflare firewall after a configurable number of failed login attempts.

  • Block IPs via Cloudflare after X failed login attempts
  • Automatic unblocking after a configurable duration
  • Whitelist IPs to never block or track them
  • View and manually unblock blocked IPs from the admin
  • Secure settings page with Cloudflare API token validation
  • Hourly cron job for automatic maintenance

External Services

This plugin relies on the Cloudflare API to function. It communicates with Cloudflare’s external servers to block IP addresses at the firewall level.

What is the Cloudflare API and what is it used for?
The Cloudflare API is a RESTful service provided by Cloudflare, Inc. that allows programmatic management of Cloudflare firewall rules. This plugin uses it to automatically block and unblock IP addresses based on failed login attempts.

What data is sent and when?
The plugin sends the following data to Cloudflare’s API servers:

  1. During settings validation (when you save Cloudflare credentials):

    • Your Cloudflare API token (for verification)
    • Endpoint: https://api.cloudflare.com/client/v4/user/tokens/verify

  2. When blocking an IP (after failed login threshold is reached):

    • The IP address to be blocked
    • Your Cloudflare email address and API key/token
    • Your Cloudflare Zone ID
    • A note describing the reason for the block
    • Endpoint: https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/access_rules/rules

No personally identifiable information about your WordPress users is transmitted. Only IP addresses of failed login attempts are sent to Cloudflare.

Service provider information:
– Service: Cloudflare API
– Provider: Cloudflare, Inc.
– Terms of Service: https://www.cloudflare.com/terms/
– Privacy Policy: https://www.cloudflare.com/privacypolicy/
– API Documentation: https://developers.cloudflare.com/api/

Required for functionality:
This plugin requires a Cloudflare account and will not function without valid Cloudflare API credentials. The external API calls are essential to the plugin’s core functionality.

License

GNU General Public License v2 or later

Details

Plugin code:
block-logins-cf
Plugin version:
1.0
Author:
supersoju
Outdated:
No
WP version:
6.0 or higher
PHP version:
7.4 or higher
Test up to WP version:
7.0
Total installations:
0
Last updated:
2026-03-23
Rating:
Times rated:
0
brute-force
cloudflare
firewall
login
security

Related plugins

Plugins that also contain the tag brute-force

Anti-Malware Security and Brute-Force Firewall
Anti-Malware Security and Brute-Force Firewall
CloudSecure WP Security
CloudSecure WP Security
WP fail2ban – Advanced Security
WP fail2ban – Advanced Security
XO Security
XO Security
IP Geo Block
IP Geo Block
HTTP Auth
HTTP Auth
We use cookies on our website to enhance your browsing experience. By using our site, you agree to the use of cookies, including those from Google Analytics and Google AdSense, for analytics and personalized advertising. You can view our full privacy policy by clicking here. Thank you for visiting!
Got it
Searchable WordPress plugin database - Plugin for that
Popular tags
gallery
ecommerce
chat
embed
post
newsletter
payments
google
blocks
contact-form-7
images
gutenberg
spam
elementor
checkout
security
menu
users
slider
video
About

Plugin for that tries to help you find the WordPress plugin you are looking for.

Please enjoy an image of Crush (this awesome turtle) and have a lovely day!Crush

We do not own any plugin listed on this site and do not work for or work with WordPress.com or it's associated companies. We simply provide a searchable list of the available WordPress plugins.

Plugin for that - Created with by Intology