WordPress managers spend a lot of time, money, and effort designing and maintaining security solutions. For example, you might place the entire admin area of WordPress behind a VPN and only allow those connected to the VPN to access your sensitive backend. These solutions not only cost money, but they also take effort to maintain and configure. You never know when an upgrade might mess things up or when someone will get accidentally locked out. I know – it’s happened to me more than once!
If you’re looking for a free alternative, look no further than Cloudflare Zero Trust to protect your WordPress site.
Getting Started with Cloudflare Zero Trust
Cloudflare Zero Trust refers to a range of solutions, but when it comes to protecting WordPress, we’re focusing solely on access to applications. You can get started with configuring Zero Trust by visiting the dashboard. You’ll find the section to get started under “Access -> Applications”.
From here, you can start configuring Cloudflare to protect WordPress. Your WordPress website needs to be using Cloudflare’s DNS servers, which I assume is already the case.
How Cloudflare Zero Trust Works
The simplest workflow for Cloudflare Zero Trust goes like this.
Step 1: Specify Which Areas of Your Site You Want to Protect
You want most of your site to be visible to the public, so first, figure out which folders and subfolders you want to protect. For WordPress, that’s the “wp-admin” folder and the login page. Different software applications will have different sensitive areas.
Step 2: Specify Which E-mail Addresses Should Have Access
Here is the crucial difference between Cloudflare Zero Trust and other security solutions for WordPress. You create a list of people to whom you want to give access. On the configuration page, you can choose other identifiers as well. For example, you can restrict access to people from certain countries or IP ranges only (similar to a VPN in that case). In addition, you can mix and match various criteria and use “includes” and “excludes” options.
In other words, you can be as detailed or as loose as you want.
Step 3: People Need an “OTP” to Access Restricted Areas
Once someone tries to access a restricted area of your site, they’ll be asked to provide an e-mail address. If the address is on the list of people you granted access to earlier, they’ll get an OTP by e-mail, which they have to enter on the access screen. If it matches, they’re let through.
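How the path list from Step 1 and the “includes” and “excludes” from Step 2 combine is easy to get wrong, so here is a simplified model of the evaluation. It is an added example, not Cloudflare's code and not part of the original post. It also uses the Require rule type that Cloudflare Access offers alongside Include and Exclude; all paths, addresses and rule values are constructed samples, and wp-login.php is assumed to be the login page.

```python
# Added illustration: a simplified model of Access-style rule evaluation.
# All paths, addresses and rule values below are constructed samples.
from ipaddress import ip_address, ip_network

PROTECTED = ("/wp-admin", "/wp-login.php")  # Step 1: areas behind the gate

def is_protected(path):
    """True if the request path falls under a protected area."""
    path = path.split("?", 1)[0]  # ignore the query string
    return any(path == p or path.startswith(p + "/") for p in PROTECTED)

def matches(rule, user):
    """Check one rule, e.g. {"email": "..."} or {"ip": "198.51.100.0/24"}."""
    kind, value = next(iter(rule.items()))
    if kind == "email":
        return user["email"].lower() == value.lower()
    if kind == "country":
        return user["country"] == value
    if kind == "ip":
        return ip_address(user["ip"]) in ip_network(value)
    raise ValueError(f"unknown rule type: {kind}")

def allowed(policy, user):
    """Include = any rule matches (OR), Require = all rules match (AND),
    Exclude = any match denies (NOT). Exclude wins over Include."""
    if any(matches(r, user) for r in policy.get("exclude", [])):
        return False
    if not all(matches(r, user) for r in policy.get("require", [])):
        return False
    return any(matches(r, user) for r in policy.get("include", []))

def request_allowed(path, policy, user):
    """Public paths pass straight through; protected ones need the policy."""
    return (not is_protected(path)) or allowed(policy, user)

# Loose: the country rule sits in Include, so it is OR'd with the e-mail list
# and lets in anyone from that country.
LOOSE = {"include": [{"email": "editor@example.com"}, {"country": "US"}]}
# Strict: on the e-mail list AND in the country, minus one blocked range.
STRICT = {"include": [{"email": "editor@example.com"}],
          "require": [{"country": "US"}],
          "exclude": [{"ip": "198.51.100.0/24"}]}

EDITOR = {"email": "editor@example.com", "country": "US", "ip": "203.0.113.7"}
STRANGER = {"email": "someone@example.net", "country": "US", "ip": "203.0.113.9"}
```

The point to take away is that a country or IP rule placed under Include widens access; to narrow the e-mail list by location, it belongs under Require or Exclude.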
All This for Free
Amazingly, Cloudflare provides this service for free. For ordinary website owners and bloggers with 50 users or below, it’s an absolute no-brainer to use Cloudflare Zero Trust to protect their WordPress admin areas. Larger corporations with more users will have to pay extra for each user and get a bunch of cool features and 3 days of activity logging.
Do Away with VPNs Entirely
So far, the “go-to” solution for organizations has been a VPN, which requires a lot of configuration and software that users need to install on their local PCs to connect to it. Add the problems of forgotten VPN passwords and of ensuring that no individual user sucks up bandwidth or forgets to turn it off, and you can see why Cloudflare’s Zero Trust solution is so attractive.
In just a few clicks, you get bulletproof WordPress security for free – with no additional load on your site. It’s almost too good to be true!
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!