• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
NameHero® Blog

NameHero® Blog

Web Hosting Tips & Resources From NameHero

  • Hosting
    • Web Hosting
    • VPS Hosting
    • WordPress Hosting
    • WooCommerce Hosting
  • Reseller
  • Enterprise
  • Domains
  • Account
  • Blog Home
  • Categories
  • Authors

Forget Blocking – A Cloudflare JS Challenge Is The Best!

Bhagwad Park

Published on: January 24, 2022

Categories: Website Security 0

As website owners, we want to make our sites as accessible as possible to the right people. Unfortunately, there’s an inverse trade-off between strict security measures and the possibility of blocking real visitors. For example, I’d recently written a post on rate-limiting on Cloudflare, where we stop spammers from hammering our server with costly requests. But if a regular visitor were to accidentally trigger a rate-limiting rule, they would be locked out.

Fortunately, I’ve started using the “JS Challenge” tool to block visitors now. And it’s working great!

JS Challenge instead of Blocks

For a long time, I used to outright block requests to certain URLs. For example, I disable any access to PHP files from an outside server. Similarly, I used to block all “JSON” requests because I didn’t want any bots accessing details on my WordPress installation.

The problem with blocking JSON requests is that it prevents me from updating my WordPress posts! So every time I wanted to change something, I’d have to log into the Cloudflare firewall and disable the JSON rule, and then remember to re-enable it after I’m done. The same problem goes for disabling access to PHP files. Almost all WordPress admin work requires you to access PHP files.

That’s when I figured out that the “JS Challenge” system is much easier.

What is a JS Challenge?

When you enable a JS Challenge on Cloudflare instead of blocking, your visitor will see the following page for a few minutes:

JS Challenge Screen on Cloudflare
JS Challenge Screen on Cloudflare

For a real visitor, it’s not a big deal. After all, they’re not just viewing a page, but submitting a comment, or doing some serious work, which is why they need access to protected URLs in the first place. Bots should have no business accessing these pages either.

This page presents an expensive JS challenge when someone visits this page – humans and bots alike. And bots don’t have time for this – if they’re even capable of solving JavaScript, to begin with. For all the time I’ve tested this service, I haven’t seen even a single bot solve the Cloudflare JS Challenge. And the few human visitors that see it, are more than happy to wait a few seconds. Particularly if that human visitor is me!

How Effective is the JS Challenge?

Here’s a screenshot of my firewall rules that I set up for accessing PHP files that require a JS Challenge:

Bots Failed All the JS Challenges
Bots Failed All the JS Challenges

As you can see, the firewall has issued a challenge 523 times, and not one of them has been solved. So this means that all bots were blocked.

Further down, you can see that 97 challenges were issued for PHP file requests, and only one challenge was solved – and that was me. I’ve configured it so that my verification lasts for two hours. I’m usually done working on my site by then, so it’s fine. Though you can change this interval to be even longer if you want.

JS Challenges are Better than Captchas

One of the security measures that really annoys me is CAPTCHAS. They’re becoming so difficult to solve, that I often get them wrong, or break a sweat worrying about every little square that might or might not contain an image. To make matters worse, Cloudflare CAPTCHAS require you to solve two screens one after the other! It’s all a bit much.

While CAPTCHAS are a sure-shot way of stopping bots in their tracks, they’re incredibly annoying for human users. So I’m very happy to have found a JS Challenge solution that’s still fantastic for bots but barely registers on the annoyance factor for human visitors. The best of both worlds!

Bhagwad Park Profile Picture
Bhagwad Park

I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!

Related Posts

How To Use An htaccess RewriteRule For Better SEO And Speed

Here's how to use an htaccess Rewrite rule to efficiently redirect old URLs to new ones in a transparent manner.

What Is Private DNS? A Detailed Guide

Have you heard the term Private DNS? Ever wondered what it means and why it even matters? Or you might know what it means but aren’t quite sure how to enable private DNS for your device. Either way, you’re in the right place.  Private DNS is a service that allows you to encrypt DNS queries, […]

Use Cloudflare Zero Trust For Free, Bulletproof WordPress Security

WordPress managers spend a lot of time, money, and effort designing and maintaining security solutions. For example, you might place the entire admin area of WordPress behind a VPN and only allow those connected to the VPN to access your sensitive backend. These solutions not only cost money, but they also take effort to maintain […]

How to Fix the “ERR_UNKNOWN_URL_SCHEME” Error

Here's why browsers throw the "ERR_UNKNOWN_URL_SCHEME", and what you can do to fix it. In most cases, the solution is simple.

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

Follow & Subscribe

Exclusive promos, content and more!

Most Popular Posts

NameHero’s Recommended WordPress Plugin and Theme Setup (2023)

WordPress Hosting vs. Web Hosting – What’s The Difference?

How To Increase The InnoDB Buffer Pool Size

How To Fix A Stuck All-in-One WP Migration Import

How To Add A Subdomain In Cloudflare

Top Categories

  • WordPress
  • WordPress Tutorials
  • Enterprise Hosting
  • WooCommerce
  • Web Hosting
  • Resellers
  • Website Security
  • Website Development
  • Website Performance
  • VPS Hosting
  • SEO Tips
  • Announcements
  • Domain Registration
NameHero

NameHero® proudly provides web hosting to over 40,000 customers with 99.9% uptime to over 750,000 websites.

  • Master Card
  • Visa
  • American Express
  • Discover
  • Paypal
Products
  • Web Hosting
  • VPS Hosting
  • WordPress Hosting
  • WooCommerce Hosting
  • Reseller Hosting
  • Enterprise Hosting
  • Domains
Help & Support
  • NameHero Blog
  • Support
  • Help Center
  • Migrations
  • Affiliates
  • Call 1-855-984-6263
Company
  • About Us
  • Contact Sales
  • Reviews
  • Uptime
  • We're Hiring

Copyright © 2023 Name Hero, LLC. All rights reserved.
NameHero® is a registered trademark.

  • Privacy Policy
  • Terms of Use
  • Acceptable Use Policy
  • Payment Policy
  • DMCA