Title: Block Logins with Cloudflare Author: supersoju Published: 23 Marzo 2026 Last modified: 17 Aprile 2026 --- Ricerca i plugin ![](https://ps.w.org/block-logins-cf/assets/icon-256x256.png?rev=3489069) # Block Logins with Cloudflare Di [supersoju](https://profiles.wordpress.org/supersoju/) [Scarica](https://downloads.wordpress.org/plugin/block-logins-cf.1.2.zip) * [Dettagli](https://it.wordpress.org/plugins/block-logins-cf/#description) * [Recensioni](https://it.wordpress.org/plugins/block-logins-cf/#reviews) * [Installazione](https://it.wordpress.org/plugins/block-logins-cf/#installation) * [Sviluppo](https://it.wordpress.org/plugins/block-logins-cf/#developers) [Supporto](https://wordpress.org/support/plugin/block-logins-cf/) ## Descrizione **Block Logins with Cloudflare** helps protect your WordPress site from brute-force attacks by blocking IPs at the Cloudflare firewall after a configurable number of failed login attempts. * Block IPs via Cloudflare after X failed login attempts * Block IPs that generate excessive 404 responses (bots and scanners) * Block IPs attacking via XML-RPC with intelligent detection * Automatic unblocking after a configurable duration * Whitelist IPs to never block or track them (supports IPv6 CIDR ranges) * View and manually unblock blocked IPs from the admin * Block source tracking — see whether each IP was blocked via login, XML-RPC, or 404 * Secure settings page with Cloudflare API token validation * Hourly cron job for automatic maintenance ### External Services This plugin relies on the **Cloudflare API** to function. It communicates with Cloudflare’s external servers to block IP addresses at the firewall level. **What is the Cloudflare API and what is it used for?** The Cloudflare API is a RESTful service provided by Cloudflare, Inc. that allows programmatic management of Cloudflare firewall rules. This plugin uses it to automatically block and unblock IP addresses based on failed login attempts, XML-RPC attacks, and 404 scanning activity. **What data is sent and when?** The plugin sends the following data to Cloudflare’s API servers: 1. **During settings validation** (when you save Cloudflare credentials): 2. * Your Cloudflare API token (for verification) * Endpoint: `https://api.cloudflare.com/client/v4/user/tokens/verify` 3. **When blocking an IP** (after a threshold is reached): 4. * The IP address to be blocked * Your Cloudflare email address and API key/token * Your Cloudflare Zone ID * A note describing the reason for the block * Endpoint: `https://api.cloudflare.com/client/v4/zones/{zone_id}/firewall/access_rules/ rules` No personally identifiable information about your WordPress users is transmitted. Only IP addresses are sent to Cloudflare. **Service provider information:** – Service: Cloudflare API – Provider: Cloudflare, Inc. – Terms of Service: https://www.cloudflare.com/terms/ – Privacy Policy: https:// www.cloudflare.com/privacypolicy/ – API Documentation: https://developers.cloudflare. com/api/ **Required for functionality:** This plugin requires a Cloudflare account and will not function without valid Cloudflare API credentials. The external API calls are essential to the plugin’s core functionality. ### License GNU General Public License v2 or later ## Installazione 1. Upload the plugin files to the `/wp-content/plugins/block-logins-cf` directory, or install through the WordPress plugins screen. 2. Activate the plugin through the ‘Plugins’ screen. 3. Go to **Block Logins CF** in the admin sidebar to configure your Cloudflare credentials and settings. ## FAQ ### What permissions does my Cloudflare API token need? Your token needs `Zone.Zone` and `Zone.Firewall` permissions for the relevant zone. ### Where do I find my Cloudflare Zone ID? In your Cloudflare dashboard, select your domain and look for the Zone ID in the Overview tab. ### Does this block at the Cloudflare level or just WordPress? This plugin blocks IPs at the Cloudflare firewall, stopping attacks before they reach your server. ### What does 404 blocking protect against? It detects bots and vulnerability scanners that probe your site by requesting many non-existent URLs. When an IP exceeds the configurable 404 threshold, it is blocked via Cloudflare just like a brute-force login attacker. ## Recensioni Non ci sono recensioni per questo plugin. ## Contributi e sviluppo “Block Logins with Cloudflare” è un software open source. Le persone che hanno contribuito allo sviluppo di questo plugin sono indicate di seguito. Collaboratori * [ supersoju ](https://profiles.wordpress.org/supersoju/) [Traduci “Block Logins with Cloudflare” nella tua lingua.](https://translate.wordpress.org/projects/wp-plugins/block-logins-cf) ### Ti interessa lo sviluppo? [Esplora il codice](https://plugins.trac.wordpress.org/browser/block-logins-cf/) segui il [repository SVN](https://plugins.svn.wordpress.org/block-logins-cf/), segui il [log delle modifiche](https://plugins.trac.wordpress.org/log/block-logins-cf/) tramite [RSS](https://plugins.trac.wordpress.org/log/block-logins-cf/?limit=100&mode=stop_on_copy&format=rss). ## Changelog #### 1.1 * Added 404-based IP blocking to detect and block bots and vulnerability scanners * Added XML-RPC protection with intelligent attack detection * Added block source tracking — blocked IPs now show whether they were blocked via login, XML-RPC, or 404 * Added 404 activity log in the Blocked IPs admin page * Added IPv6 CIDR range support in the IP whitelist * Added caching for Cloudflare API token validation to prevent throttling #### 1.0 * Initial release ## Meta * Versione **1.2** * Ultimo aggiornamento **1 mese fa** * Installazioni attive **Meno di 10** * Versione WordPress ** 6.0 o superiore ** * Testato fino alla versione **7.0** * Versione PHP ** 7.4 o superiore ** * Lingua * [English (US)](https://wordpress.org/plugins/block-logins-cf/) * Tag * [Brute Force](https://it.wordpress.org/plugins/tags/brute-force/)[cloudflare](https://it.wordpress.org/plugins/tags/cloudflare/) [firewall](https://it.wordpress.org/plugins/tags/firewall/)[login](https://it.wordpress.org/plugins/tags/login/) [security](https://it.wordpress.org/plugins/tags/security/) * [Visualizzazione avanzata](https://it.wordpress.org/plugins/block-logins-cf/advanced/) ## Valutazioni Non sono state ancora inviate recensioni. [Your review](https://wordpress.org/support/plugin/block-logins-cf/reviews/#new-post) [Vedi tutte le recensioni](https://wordpress.org/support/plugin/block-logins-cf/reviews/) ## Collaboratori * [ supersoju ](https://profiles.wordpress.org/supersoju/) ## Supporto Hai qualcosa da dire? Ti serve aiuto? [Chiedi nel forum di supporto](https://wordpress.org/support/plugin/block-logins-cf/)