How to Secure Login Page w/ Cloudflare Access Feature?

For a long time, finding a better way to secure login page, finding a better way to protect wp-login.php page from attackers. And finally have found a solution, CloudFlare Access is protecting our login page now. Access is really a nice feature by CloudFlare – the largest security provider available on the web.

Why We Use CloudFlare Access?

First visit our login page to view the magic, our login page is protected by CloudFlare security! By using the feature in login page, we are enjoying many benefits. It is not like the usual two factor authentication. It is actually two factor authentication of the login page by using CloudFlare secure server!

If you use two factor authentication plugin, attackers have options to try different usernames and passwords because two factor comes after username and password. By doing the process again and again, attackers can do serious damage to your website’s server and the server may go down in this process.

That’s why, we are using CloudFlare Access over two factor authentication. It doesn’t allow attackers to access the login page before authenticated. And your server will be safe as it should be because everything will happen in CloudFlare’s server. Most importantly, you can rely on CloudFlare – the big name in the security field.

The other reason is, we can monitor who had accessed the login page and when! Really nice to have access audit, it is very useful for team-work. There are some other reasons you should try this feature described in their blog post. Let’s learn, how to enable email authentication to secure login page by CloudFlare Access.

Process to Secure Login Page by Access

There are many authentication options available in CloudFlare Access settings. We will not discuss about all authentication options. We’ll show you how to enable email authentication to access your website’s login page. To enable email authentication, do the following steps –

1. Go to CloudFlare Access Page

Login to your CloudFlare account and go to Access settings page. This page looks like the image –

Cloudflare Access Settings Page

Important : You may need to apply to enable Access feature for your account. If you didn’t apply yet, there will be a link to apply. Then click on the link and you will get confirmation email of approval soon (in most cases).

2. Add a One-Time Pin Login Method

Click on “Add” available under “Login Methods” (see the previous image) and then select “One-Time Pin” option.

3. Setup a Login Page Domain (Optional)

Set up this under “Login Page Domain” (see the previous image). There should be a value already, so you may ignore this. But you can change existing value if you wish to change.

4. Customize Your Login Page (Optional)

You can customize login page by clicking on the image under “Customize Your Login Page” (see previous image). You can customize everything as your liking like the image! Click on “Save” after modification.

Cloudflare Access Login Page Customize

5. Create Access Policy

Most important step! To create access policy click on “Create Access Policy” (see the first image) and then set up everything like the image. You can change wp-login.php to any page you want to protect! Don’t forget to include your email addresses in “Emails” input field where you want to get authentication code.

Cloudflare Edit Access Policy

Click on “Save” after modification. You can edit the created access policy and can revoke existing access anytime as you wish! You can also create another access policy to protect another page.

After the Modifications

After all the modifications to secure login page described above, the authentication page looks like the image. You have to enter the email that you set up in access policy and then click on “Send me a code” button.

Cloudflare Access Auth Page

If your email matches with the first one, you will get authentication code by the email from CloudFlare Access. Now Copy the code from the email you received and Paste it to the next window and click on “Sign in” button.

Cloudflare Access Auth Waiting

After this, you will be redirected to the page you protected. By this process, you can protect any page you want including login page. Another good thing is, you can monitor access logs within the CloudFlare Access page. By the way, you should not miss the feature anyway. It really ensures better login page security.

That’s it. Have a say? Let’s discuss through comments. We will be really happy to assist you.

3 Comments on this.

  1. Hello

    Good description – thanks. My problem is that I have users on the site who can’t log out now. I use WooCommerce and it seems that the logout path also goes through wp-login.php… do you have any ideas?


Leave a Reply

Email address will not be published. Remember to keep comments follow our guidelines.