Adds 404 blocking, XML-RPC protection, block source tracking, Cloudflare sync, and IPv6 CIDR whitelist support.<\/p>","1.0":"
First release.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3489069,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3489069,"resolution":"256x256","location":"assets","locale":""}},"assets_banners":[],"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.0","1.1"],"block_files":[],"assets_screenshots":[],"screenshots":{"1":"Settings Page:<\/strong> Configure your Cloudflare credentials, blocking thresholds, and auto-unblock duration.","2":"Blocked IPs Management:<\/strong> View currently blocked IPs with source tracking, unblock them, and manage your whitelist.","3":"Whitelist Management:<\/strong> Add or remove IP addresses (including IPv6 CIDR ranges) from the whitelist."},"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[2439,3882,1174,602,600],"plugin_category":[38,54],"plugin_contributors":[82396],"plugin_business_model":[],"class_list":["post-239253","plugin","type-plugin","status-publish","hentry","plugin_tags-brute-force","plugin_tags-cloudflare","plugin_tags-firewall","plugin_tags-login","plugin_tags-security","plugin_category-authentication","plugin_category-security-and-spam-protection","plugin_contributors-supersoju","plugin_committers-supersoju"],"banners":[],"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/block-logins-cf\/assets\/icon-128x128.png?rev=3489069","icon_2x":"https:\/\/ps.w.org\/block-logins-cf\/assets\/icon-256x256.png?rev=3489069","generated":false},"screenshots":[],"raw_content":"\n Block Logins with Cloudflare<\/strong> helps protect your WordPress site from brute-force attacks by blocking IPs at the Cloudflare firewall after a configurable number of failed login attempts.<\/p>\n\n This plugin relies on the Cloudflare API<\/strong> to function. It communicates with Cloudflare's external servers to block IP addresses at the firewall level.<\/p>\n\n What is the Cloudflare API and what is it used for?<\/strong>\nThe Cloudflare API is a RESTful service provided by Cloudflare, Inc. that allows programmatic management of Cloudflare firewall rules. This plugin uses it to automatically block and unblock IP addresses based on failed login attempts, XML-RPC attacks, and 404 scanning activity.<\/p>\n\n What data is sent and when?<\/strong>\nThe plugin sends the following data to Cloudflare's API servers:<\/p>\n\n During settings validation<\/strong> (when you save Cloudflare credentials):<\/p>\n\n When blocking an IP<\/strong> (after a threshold is reached):<\/p>\n\n When syncing from Cloudflare<\/strong> (on demand):<\/p>\n\n No personally identifiable information about your WordPress users is transmitted. Only IP addresses are sent to Cloudflare.<\/p>\n\n Service provider information:<\/strong>\n- Service: Cloudflare API\n- Provider: Cloudflare, Inc.\n- Terms of Service: https:\/\/www.cloudflare.com\/terms\/\n- Privacy Policy: https:\/\/www.cloudflare.com\/privacypolicy\/\n- API Documentation: https:\/\/developers.cloudflare.com\/api\/<\/p>\n\n Required for functionality:<\/strong>\nThis plugin requires a Cloudflare account and will not function without valid Cloudflare API credentials. The external API calls are essential to the plugin's core functionality.<\/p>\n\n GNU General Public License v2 or later<\/p>\n\n\n Your token needs In your Cloudflare dashboard, select your domain and look for the Zone ID in the Overview tab.<\/p><\/dd>\n This plugin blocks IPs at the Cloudflare firewall, stopping attacks before they reach your server.<\/p><\/dd>\n It detects bots and vulnerability scanners that probe your site by requesting many non-existent URLs. When an IP exceeds the configurable 404 threshold, it is blocked via Cloudflare just like a brute-force login attacker.<\/p><\/dd>\n Yes. Use the \"Sync from Cloudflare\" button on the Blocked IPs page to import existing Cloudflare firewall rules into the plugin's local list.<\/p><\/dd>\n\n<\/dl>\n\n\n\n
External Services<\/h3>\n\n
\n
\n
https:\/\/api.cloudflare.com\/client\/v4\/user\/tokens\/verify<\/code><\/li>\n<\/ul><\/li>\n\n
https:\/\/api.cloudflare.com\/client\/v4\/zones\/{zone_id}\/firewall\/access_rules\/rules<\/code><\/li>\n<\/ul><\/li>\n\n
https:\/\/api.cloudflare.com\/client\/v4\/zones\/{zone_id}\/firewall\/access_rules\/rules<\/code><\/li>\n<\/ul><\/li>\n<\/ol>\n\nLicense<\/h3>\n\n
\n
\/wp-content\/plugins\/block-logins-cf<\/code> directory, or install through the WordPress plugins screen.<\/li>\n\n
What permissions does my Cloudflare API token need?<\/h3><\/dt>\n
Zone.Zone<\/code> and Zone.Firewall<\/code> permissions for the relevant zone.<\/p><\/dd>\nWhere do I find my Cloudflare Zone ID?<\/h3><\/dt>\n
Does this block at the Cloudflare level or just WordPress?<\/h3><\/dt>\n
What does 404 blocking protect against?<\/h3><\/dt>\n
Can I sync blocks I already have in Cloudflare?<\/h3><\/dt>\n
1.1<\/h4>\n\n
\n
1.0<\/h4>\n\n
\n