[levidurfee]

Thank you for your feedback! You're right, you can do this with any web server, but that is difficult for some people to implement. I'm not saying people shouldn't learn, and do difficult things to protect their websites, but starting with the Cloudflare Firewall is a step in the right direction.

What are the odds you can guess the IP address of my server? They're pretty slim I think. Also, if I use Cloudflare's Authenticated Origin Pulls, my web server won't respond to your request if you managed to find my IP.

Also, I'm not saying you shouldn't take other security measures, like having a secure password, use mod_security, etc. The intent of using these firewall rules are to prevent login attempts, or at least reduce the number of login attempts to your WP site.

Moreover, if I were to use Cloudflare Argo Tunnel, then it would mean my server is not directly accessible on the internet.

https://support.cloudflare.com/hc/en-us/articles/204899617-A... https://www.cloudflare.com/products/argo-tunnel/