Staff Writer

WAF Rules We Recommend for Cloudflare

by

The following settings are not only important for Security, and Maintenance, but also to ensure your plugins work properly. Some of the plugins send out data, but some loop back for confirmation so please make sure you go through all 6 steps below and feel free to reach out to us if you have any questions about any of it!

1. DNS

2. Security > Bots

3. Security > WAF > Firewall Rules

See rules below screen shot (just copy and paste them)

 

Rule#1 – Block Russia,China,India and Africa:
Expression:
(http.request.uri.path contains “/wp-login.php” and ip.geoip.country ne “US”) or (http.request.uri.path contains “/wp-admin/” and http.request.uri.path ne “/wp-admin/admin-ajax.php” and ip.geoip.country ne “US”)

Should look like this when done… (click image to enlarge)

Rule#2 – Block WP login and admin outside of US:
Expression:
(ip.geoip.country eq “RU”) or (ip.geoip.country eq “CN”) or (ip.geoip.country eq “IN”) or (ip.geoip.country eq “SG”) or (ip.geoip.continent eq “AF”)

Should look like this when done… (click image to enlarge)

 

4. SSL / TLS

 

WAF Rules We Recommend for Cloudflare

Setting Your Stripe API Keys

by

Login to your Stripe account once it’s been fully activated.

Paste those into the two fields in your Stripe settings in WP Job Board or WooCommerce, depending on which of those you’re setting up now.

VERY IMPORTANT:

Make sure you save the “Secret Key” somewhere separate like in a word doc or something because you only get ONE chance to copy it. After this, it is not possible to reveal it again, you would have to reset it which means you’d have to resend the new key to us or reset your connection to the shop or program you’re using this key with.

 

MuniCreative, Inc. & MunicipalPros