Wordpress Security Foundation image

Learning Wordfence with CloudFlare

Learning Wordfence with CloudFlare is aimed at webmasters who want high levels of security without restricting authorized users.

This is a group learning exercise. Nobody yet knows the absolute best way of managing Wordfence and CloudFlare together. In this extended exercise, we consider the best way to produce guidelines for webmasters. There is no time limit on this exercise. It is likely that I will use this group discussion to produce interim guidelines. Then we can continue to refine best practice in the usual way.

Please note that this discussion is about managing Wordfence together with CloudFlare. I cover the individual services in other lessons. Please ask in Shrewdies Internet Forum about either of those services in isolation.

Wordfence with CloudFlare

The essence of this combination is:

We use Wordfence to identify authorized users and security threats. We use that Wordfence security data to whitelist or restrict access in CloudFlare.

So, now we need to learn the best procedures to administer this efficiently.

Note, I want to consider this in two situations:

  • Where one Wordfence installation feeds one CloudFlare account
  • Where multiple Wordfence installations feed one CloudFlare account

First, we need to consider the Wordfence IP address security data. Remember, we have the good guys and the bad guys. I collate the ‘bad guys’ using my WordPress Security Threat IP Address Data table in Learning WordPress Security Threats with Wordfence & CloudFlare

We must also consider security data from services other than Wordfence. I will consider this after we have sufficient Wordfence data to start a valid discussion.

Wordfence Authorized User IP Address Data

Wordfence optionally reports successful logins. We can collect the data from the email reports.

Internet Security Records Update: November 2016

I have moved Wordfence Authorized User IP Address Data to KeĈaTa Internet Security Records. To find them in the list above search for ‘transferred’.

Wordpress Security Foundation image

CloudFlare & Wordfence for the best WordPress Security Foundation

Learning Wordfence with CloudFlare

For now, I will focus on collecting data, and measuring how much time this requires each day.

After that, we can start building rules about when to whitelist or restrict identified IP addresses and AS numbers.

Please leave your comments about Learning Wordfence with CloudFlare below. If you want to ask about other aspects of Wordfence, CloudFlare, or anything else, please ask in the Internet Forum.

Learning Wordfence with CloudFlare: Document History

Date Revision
Jun 15, 2016 (first archive). First Published. Since first publication, I’ve made several undocumented revisions. The most significant of these are noted in the comments.
Nov 29, 2016 (archive). Moved Wordfence Authorized User IP Address Data to KeĈaTa Internet Security Records. Removed paragraph about interim records at Retayler (which now need re-transferring to KeĈaTa).
MMM nn, YYYY (archive).

If you see Shrewdies pages that I should improve, please suggest a Shrewdies page review.

8 thoughts on “Learning Wordfence with CloudFlare

  1. Keith Taylor Post author

    In half an hour today, I added 10 Wordfence Authorized User IP Addresses, bringing the total to 13.

    I think 10 per day is a realistic target to start reducing the backlog of data. This should be 7 Authorized User and 3 Security Threats.

    1. Keith Taylor Post author

      I added 4 more Security Threat IP Addresses from a WP 404 security check. This is not Wordfence, but I cannot see any benefit from creating a separate log of suspicious incidents for non-Wordfence data. This brings the total in Wordfence Security Threat IP Address Data to 12, but I will change the title and add a note during the next update.

    2. Keith Taylor Post author

      In another half hour session today, I added 7 good guys, and 3 bad guys. This brings the totals to 27 Wordfence Authorized User IP Addresses, and 23 Security Threat IP Addresses.

      I’m now considering splitting this page. I will keep Authorized Access data here. And, I will create a new post for suspicious internet service providers.

      I’m also considering increasing the time to half an hour for good guys, and for bad guys. This will be a temporary resource increase until I can reduce the backlog.

Leave a Reply