For a long time, we were looking for a better way to secure our login page, a better way to protect the wp-login.php page from attackers. And finally, a solution! Cloudflare Access is protecting our login page now.
In this tutorial, we’d like to share why we use Cloudflare Access to safeguard our login page and how you can implement this on your site to protect sensitive pages from attackers.
Why We Use Cloudflare Access?
First, visit our login page to witness the magic: the login page is protected by Cloudflare Access! You can no longer reach the page and try different usernames and passwords!
By using the feature on the login page, we enjoy many benefits. It is not like the usual two-factor authentication; it’s actually two-factor authentication of the login page by using Cloudflare’s secure server! And you can rely on Cloudflare, the biggest name in the security field.
If you use a two-factor authentication plugin, attackers can still try different usernames and passwords because the two-factor step comes later. By repeating the process again and again, attackers can do serious damage to your website’s server, and the server may go down in the process.
That’s why we are using Cloudflare Access over two-factor authentication. It doesn’t allow attackers to reach the protected page before they are authenticated. And your server stays safe, as it should, because everything happens on Cloudflare’s secure server.
The best thing is, there’s an access audit within the Cloudflare dashboard! You can monitor who succeeded or failed to access the protected pages, and when! You can also limit how long a user has access to the protected page, and you can revoke all existing access with a click!
Want to learn more? Read their introduction blog post about Cloudflare Access.
Secure Login Pages w/ Cloudflare Access
There are many authentication options available in Cloudflare Access settings. We will not discuss all authentication options here. We’ll show you how to enable email authentication to access your website’s login page. To enable email authentication for a page, do the following:
1. Open Cloudflare Access Settings Page
IMPORTANT: You may need to subscribe to Cloudflare Teams to enable the Access feature for your account. Don’t worry! You can be part of Cloudflare Teams for free. The Access feature is free for up to 50 users/month, and it should be enough for small to medium-sized companies.
2. Add One-Time Pin Login Method
Click on “Add” available under the “Login Methods” section (see the previous image) and then select the “One-Time Pin” option from the options.
3. Set Up Login Page Domain
Optional! Set this up under the “Login Page Domain” section (see the previous image). There should be a value already, so you may ignore this if you are okay with the existing value.
4. Customize Your Login Page
Optional! If you wish, you can customize the login page by clicking on the image under the “Customize Your Login Page” section (see the previous image). You can customize everything to your liking, as in the image! Don’t forget to click on “Save” to save your modifications.
5. Create Access Policy
Most important step! You have to create an access policy for your protected pages. To create an access policy, click on “Create Access Policy” (see the first image) and then set up everything like the image.
You can change wp-login.php to any page you want to protect! Don’t forget to include the email addresses where you want to get the authentication code in the “Emails” input field.
Click on “Save” after modification. You can edit the created access policy and revoke existing access anytime you wish! You can also create another access policy to protect another page.
Result After Modifications
After all the modifications to secure a login page, the authentication page looks like the image:
You have to enter the email that you set up in the access policy and then click on the “Send me a code” button. If your email matches the one you set up, you will get an authentication code by email.
Now copy the authentication code from the email you just received, paste it into the next window and click on the “Sign in” button to access your protected login page.
After this, you will be redirected to the page you protected, as you’re now authenticated. With this process, you can protect any page you want, including the login page.
Another good thing is, you can monitor access logs within the Cloudflare Access page. You should not miss this feature. It really ensures better login page security.
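To confirm that the policy from step 5 really sits in front of the page, request wp-login.php without signing in (for example with `curl -sI`) and classify the response, as in this added example, which is not part of the original tutorial or Cloudflare's own code. The team domain, hostnames, sample responses and the `/cdn-cgi/access/login` redirect path are assumptions; replace them with your own "Login Page Domain" and compare against what your site returns.

```python
from urllib.parse import urlsplit

# Constructed sample values (assumptions, not from the original page).
TEAM_DOMAIN = "example-team.cloudflareaccess.com"  # "Login Page Domain" from step 3
ACCESS_LOGIN_PREFIX = "/cdn-cgi/access/login"      # assumed Access redirect path

def parse_head(raw):
    """Parse `curl -sI URL` output into (status_code, lowercase header dict)."""
    lines = [l for l in raw.strip().splitlines() if l.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def gate_status(raw, team_domain=TEAM_DOMAIN):
    """Classify one unauthenticated response for a page that should be behind Access."""
    status, headers = parse_head(raw)
    if status in (301, 302, 303, 307, 308):
        target = urlsplit(headers.get("location", ""))
        # Exact hostname match, so a look-alike domain does not count as protected.
        if (target.scheme == "https" and target.hostname == team_domain
                and target.path.startswith(ACCESS_LOGIN_PREFIX)):
            return "protected"         # stopped at Cloudflare before reaching WordPress
        return "redirected-elsewhere"  # e.g. an http->https hop; re-test the final URL
    if status == 200:
        return "exposed"               # page served directly: policy path/hostname does not match
    return "inconclusive"              # 403, 5xx, etc.: inspect manually

# Constructed responses for illustration.
SAMPLE_PROTECTED = """HTTP/2 302
location: https://example-team.cloudflareaccess.com/cdn-cgi/access/login/example.com?redirect_url=%2Fwp-login.php
server: cloudflare
"""
SAMPLE_EXPOSED = """HTTP/1.1 200 OK
Content-Type: text/html; charset=UTF-8
Server: cloudflare
"""
SAMPLE_HTTPS_HOP = """HTTP/1.1 301 Moved Permanently
Location: https://example.com/wp-login.php
"""

if __name__ == "__main__":
    for name, raw in [("protected", SAMPLE_PROTECTED), ("exposed", SAMPLE_EXPOSED),
                      ("https hop", SAMPLE_HTTPS_HOP)]:
        print(f"{name:10s} -> {gate_status(raw)}")
```

Run the same check against every URL variant of the protected page (with and without `www`, `http` and `https`), because a policy that matches only one hostname leaves the others answering with the normal WordPress login form.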
That’s it. Have a say? Let’s discuss through comments. We will be really happy to assist you.