View Categories

Overview

2 min read

The Setup & Rules page is your central “Checklist.” It guides you through configuring seven specific security layers to ensure your site is locked down while remaining accessible to real visitors. It sits between your site and the internet, filtering out malicious traffic before it ever touches your server.

Getting Started

Before you begin, ensure your Cloudflare account is connected.

Cloudflare WAF rules in ultimate security
  • Status Check: If you see a “Cloudflare not connected” warning at the top, your rules will not protect your site live.
  • You can customize settings in any order, but you must Preview & Deploy (Step 7) to push those changes live.

Cloudflare Checklist

Each item below represents a “Rule Group.” Click the Open button next to any item to configure it.

1. Cloudflare Setup

This is the “engine” that powers the firewall. Without this, the other rules cannot be deployed.

2. Allow Good Bots

It ensures your search engine rankings are safe. You want security to block hackers, not search engines.

3. Block Crawlers & WP Paths

Hackers often target files like xmlrpc.php to guess passwords. This rule shuts that door.

4. Block Web Hosts & TOR

Most genuine visitors use a home or mobile internet provider. Traffic from data centers is often automated or malicious.

5. Challenge Cloud Providers & Countries

It stops automated scripts while still allowing a real human to click a button and enter your site.

6. Challenge VPN & Login

The login page is the most attacked part of a site. This ensures that even if someone hides behind a VPN, they must prove they are human.

7. Preview & Deploy

Nothing is live until you do this. Think of this as the “Save and Publish” button for your entire firewall.

Quick Status Guide

Keep an eye on the colored badges next to each rule:

  • Not Configured (Grey): Needs your initial setup.
  • Needs Review (Orange): The rule is active but requires you to check the settings for your specific site.
  • Deployed (Green): The rule is live and protecting your site.

Note: Rule groups ship enabled by default, but they are NOT automatically active until you review, save, and deploy them. Don’t assume you’re protected just because you see the checklist

What are your Feelings

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top