Changeset 3451154
- Timestamp:
- 01/31/2026 08:35:24 PM (3 weeks ago)
- Location:
- waf-security-suite-for-cloudflare
- Files:
-
- 2 edited
-
tags/1.0/readme.txt (modified) (1 diff)
-
trunk/readme.txt (modified) (1 diff)
Legend:
- Unmodified
- Added
- Removed
-
waf-security-suite-for-cloudflare/tags/1.0/readme.txt
r3450856 r3451154 2 2 Contributors: 5starplugins 3 3 Tags: cloudflare, waf rules, security, firewall, bot protection 4 Requires at least: 6.0 4 5 Tested up to: 6.9 6 Requires PHP: 7.4 5 7 Stable tag: 1.0 6 8 License: GPLv3 or later 9 License URI: https://www.gnu.org/licenses/gpl-3.0.html 7 10 8 A plugin to bulk create and manage WAF rules within Cloudflare across multiple accounts.11 Bulk deploy powerful WAF security rules to all your Cloudflare domains with one click. Protect your sites from bots, malicious traffic, and threats. 9 12 10 13 == Description == 11 14 12 #### A plugin to bulk create and manage WAF rules within Cloudflare across multiple accounts, using your Cloudflare API key.15 **Supercharge your website security in minutes!** WAF Security Suite for Cloudflare lets you deploy enterprise-grade Web Application Firewall rules across all your domains instantly—no technical expertise required. 13 16 14 ### Summary 15 This plugin can be installed on any WordPress site you own, and then use it to bulk create the rules to as many domains in your Cloudflare account, including delegated member accounts you have access to. 17 ### 🛡️ Why WAF Security Suite? 16 18 17 It takes your Cloudflare API key, email, and account ID, and then gets all the domains in that account, and displays a checkbox list of them all, and you can choose the domains you want to add Troy’s WAF rules to, and bulk update all the domains with one click. Please see the notes and security tips in the plugin settings page. 19 Managing security rules across multiple Cloudflare domains is tedious and time-consuming. This plugin streamlines the process, allowing you to: 18 20 19 ### Some Important Notes 20 ⚠️ **Please note that this plugin overwites the 5 WAF rules on all domains, it will erase the existing rules and create new ones.** These 5 rules should work with Cloudflare Free, Pro and Business plans. They do not work for Enterprise Cloudflare, which most likely your web hosting provider controls directly. 21 * **Deploy in One Click** - Apply comprehensive WAF rules to multiple domains simultaneously 22 * **Save Time** - No more manually configuring rules on each domain 23 * **Enterprise Security** - Protect against bots, aggressive crawlers, malicious IPs, and common threats 24 * **Bank-Level Encryption** - Your API credentials are secured with AES-256-CBC encryption 25 * **Multi-Account Support** - Manage domains across different Cloudflare accounts (Premium) 21 26 22 ⚠️ **Use at your own risk.** These rules may block certain services such as monitoring, uptime, or CDN services, so you may need to add exclusions if those services suddenly can't connect to your domain(s), using the Events log in Cloudflare showing the user agent or other data to add to the first rule that allows requests to bypass the remaining rules. 27 ### 🚀 How It Works 23 28 24 ### Configure Settings 25 On the plugin's option page: First, add you credentials to the Cloudflare WAF Rules Wizard settings page in the plugin. Your email is the email you log in with. You can retrieve your [API key here](https://dash.cloudflare.com/profile/api-tokens). And [here are instructions](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/) for where you can find your Account ID. 29 1. **Connect Your Cloudflare Account** - Securely enter your API credentials (encrypted and stored safely) 30 2. **Select Your Domains** - View all domains in your account with convenient checkboxes 31 3. **Deploy Rules** - Click once to apply proven security rules across all selected domains 32 4. **Stay Protected** - Your sites are now shielded from common threats and malicious traffic 26 33 27 This will pull in the domains from the Account ID you entered. Select which domains you'd like to apply the WAF rules to. 34 ### 🔥 What Gets Protected 28 35 29 Last, check your Cloudflare WAF Rules to see if they have applied. 36 The plugin deploys **5 powerful security rules** that work together to protect your sites: 30 37 31 ### Delete Settings and Deactivate/Delete 32 After you are done adding your shiny new WAF Rules: ⚠️ **don't forget to click the Delete Settings button** after you are done using this plugin to remove your credentials from the database, for best security practices. They are not encrypted when stored. Maybe future versions will encrypt, delete the options on deactivation, etc. Right now it is a quick and simple plugin for you to use, delete the settings, and then deactivate and delete the plugin. It is not recommended to keep the plugin settings long term, or to keep the plugin active. You can always repeat the above steps later for adding additional domains or deleting and recreating the rules for existing domains. 38 * **Good Bot Allowlist** - Ensures legitimate bots (Google, Bing, monitoring tools) can access your site 39 * **Managed Challenges for Suspicious Traffic** - Automatically challenges requests from certain ASNs and non-US traffic 40 * **Aggressive Crawler Protection** - Blocks unauthorized crawlers and bots (Yandex, Semrush, Ahrefs, etc.) 41 * **VPN & Login Protection** - Adds extra challenges for VPN traffic and WordPress login attempts 42 * **Block Known Threats** - Automatically blocks web hosts, malicious IPs, TOR nodes, and attack vectors 43 44 ### ✨ Premium Features 45 46 Upgrade to unlock advanced customization and enterprise management: 47 48 * **🌐 Multi-Account Management** - Automatically manage domains across ALL your Cloudflare accounts 49 * **✅ Smart Bot Whitelisting** - Built-in checkboxes for 50+ trusted services across 8 categories 50 * **🔧 Custom User Agents** - Add your own user agent strings to the allowlist 51 * **🌍 Custom IP Whitelisting** - Bypass rules for specific trusted IP addresses 52 * **💬 Priority Support** - Get expert help when you need it 53 * **🎯 Advanced Customization** - Fine-tune rules to match your exact requirements 54 55 **[Try Premium Free for 14 Days →](https://5starplugins.com/coming-soon-cloudflare-waf-rules-wizard/)** *(No credit card required)* 56 57 ### 📋 Important Information 58 59 ⚠️ **Rule Replacement:** This plugin replaces existing custom WAF rules on targeted domains. Make sure to back up any custom rules you want to keep. 60 61 ✅ **Compatibility:** Works with Cloudflare Free, Pro, and Business plans. Not compatible with Enterprise plans managed by hosting providers. 62 63 ⚠️ **Service Monitoring:** These rules might challenge some monitoring or uptime services. Check Cloudflare's Events log if services stop connecting, and add exceptions as needed. 64 65 ### 🔐 Security & Privacy 66 67 Your security is our priority: 68 69 * All API credentials are encrypted using military-grade AES-256-CBC encryption 70 * Credentials are securely stored in your WordPress database 71 * Delete settings with one click when not in use 72 * No data is sent to third-party servers (except Cloudflare's API) 73 74 == Installation == 75 76 ### Automatic Installation 77 78 1. Log in to your WordPress admin panel 79 2. Navigate to **Plugins** → **Add New** 80 3. Search for "WAF Security Suite for Cloudflare" 81 4. Click **Install Now** and then **Activate** 82 83 ### Manual Installation 84 85 1. Download the plugin ZIP file 86 2. Log in to your WordPress admin panel 87 3. Navigate to **Plugins** → **Add New** → **Upload Plugin** 88 4. Choose the ZIP file and click **Install Now** 89 5. Click **Activate Plugin** 90 91 ### Getting Started 92 93 1. After activation, navigate to **WAF Security** in your WordPress admin menu 94 2. Enter your Cloudflare credentials: 95 * **API Key** - [Get yours here](https://dash.cloudflare.com/profile/api-tokens) 96 * **API Email** - The email address for your Cloudflare account 97 * **Account ID** (Free version only) - [Find it here](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/) 98 3. Click **Save Settings** to retrieve your domains 99 4. Select the domains you want to protect 100 5. Click **Create/Overwrite All WAF Rules** 101 6. Verify and edit further as needed the rules in your Cloudflare dashboard! 102 103 That's it! Your sites are now protected. 104 105 == Frequently Asked Questions == 106 107 = Will this affect my existing Cloudflare rules? = 108 109 Yes, this plugin **replaces** the 5 custom WAF rules in your Cloudflare configuration. Any existing custom rules will be overwritten. The plugin does not affect Cloudflare's managed rulesets or other settings—only custom WAF rules. 110 111 = Is my API key safe? = 112 113 Absolutely. Your API credentials are encrypted using AES-256-CBC encryption (the same level used by banks) before being stored in your WordPress database. For additional security, you can delete your credentials from the database using the "Delete Settings" button when you're not actively managing rules. 114 115 = What's the difference between Free and Premium? = 116 117 The **Free version** lets you manage domains from a single Cloudflare account by entering your Account ID. The **Premium version** automatically retrieves domains from ALL Cloudflare accounts you have access to, plus adds powerful customization options including built-in bot whitelisting, custom user agents, and custom IP addresses. Premium also includes priority support. 118 119 = Can I use this with Cloudflare Enterprise? = 120 121 This plugin is designed for Cloudflare Free, Pro, and Business plans. Enterprise plans typically have different WAF rule management and may be controlled by your hosting provider, so this plugin may not be compatible. 122 123 = Will this block legitimate bots like Google? = 124 125 No. The first rule explicitly allows verified bots from major search engines (Google, Bing), monitoring services, and other legitimate services. The Premium version offers even more control with 50+ built-in trusted services you can whitelist. 126 127 = What happens if a monitoring service gets blocked? = 128 129 If you notice a service can't connect after applying rules, check Cloudflare's Events log to see what was blocked. You can then add that service's user agent or IP to the allowlist. Premium users can do this directly in the plugin with custom user agents and IP fields. 130 131 == Screenshots == 132 133 1. Main settings page with domain selection 134 2. API credentials configuration (securely encrypted) 135 3. Premium Good Bot customization options 136 4. Successfully deployed rules confirmation 137 5. Cloudflare dashboard showing applied WAF rules 138 139 == Changelog == 140 141 = 1.0.0 - 2026-01-31 = 142 * 🎉 Initial release 143 * ✅ Bulk WAF rule deployment across multiple domains 144 * 🔐 AES-256-CBC encryption for API credentials 145 * 🌟 5 pre-configured security rules 146 * 🚀 Premium version with multi-account support 147 * ✨ Premium: 50+ built-in trusted bot checkboxes 148 * 🎯 Premium: Custom user agent whitelisting 149 * 🌍 Premium: Custom IP address whitelisting 150 * 💬 Premium: Priority support 151 * 📱 Responsive admin interface 152 * 🎨 Modern UI with dark header design 153 154 == Upgrade Notice == 155 156 = 1.0.0 = 157 Initial release of WAF Security Suite for Cloudflare. Deploy comprehensive security rules to all your Cloudflare domains with one click! -
waf-security-suite-for-cloudflare/trunk/readme.txt
r3449240 r3451154 2 2 Contributors: 5starplugins 3 3 Tags: cloudflare, waf rules, security, firewall, bot protection 4 Requires at least: 6.0 4 5 Tested up to: 6.9 6 Requires PHP: 7.4 5 7 Stable tag: 1.0 6 8 License: GPLv3 or later 9 License URI: https://www.gnu.org/licenses/gpl-3.0.html 7 10 8 A plugin to bulk create and manage WAF rules within Cloudflare across multiple accounts.11 Bulk deploy powerful WAF security rules to all your Cloudflare domains with one click. Protect your sites from bots, malicious traffic, and threats. 9 12 10 13 == Description == 11 14 12 #### A plugin to bulk create and manage WAF rules within Cloudflare across multiple accounts, using your Cloudflare API key.15 **Supercharge your website security in minutes!** WAF Security Suite for Cloudflare lets you deploy enterprise-grade Web Application Firewall rules across all your domains instantly—no technical expertise required. 13 16 14 ### Summary 15 This plugin can be installed on any WordPress site you own, and then use it to bulk create the rules to as many domains in your Cloudflare account, including delegated member accounts you have access to. 17 ### 🛡️ Why WAF Security Suite? 16 18 17 It takes your Cloudflare API key, email, and account ID, and then gets all the domains in that account, and displays a checkbox list of them all, and you can choose the domains you want to add Troy’s WAF rules to, and bulk update all the domains with one click. Please see the notes and security tips in the plugin settings page. 19 Managing security rules across multiple Cloudflare domains is tedious and time-consuming. This plugin streamlines the process, allowing you to: 18 20 19 ### Some Important Notes 20 ⚠️ **Please note that this plugin overwites the 5 WAF rules on all domains, it will erase the existing rules and create new ones.** These 5 rules should work with Cloudflare Free, Pro and Business plans. They do not work for Enterprise Cloudflare, which most likely your web hosting provider controls directly. 21 * **Deploy in One Click** - Apply comprehensive WAF rules to multiple domains simultaneously 22 * **Save Time** - No more manually configuring rules on each domain 23 * **Enterprise Security** - Protect against bots, aggressive crawlers, malicious IPs, and common threats 24 * **Bank-Level Encryption** - Your API credentials are secured with AES-256-CBC encryption 25 * **Multi-Account Support** - Manage domains across different Cloudflare accounts (Premium) 21 26 22 ⚠️ **Use at your own risk.** These rules may block certain services such as monitoring, uptime, or CDN services, so you may need to add exclusions if those services suddenly can't connect to your domain(s), using the Events log in Cloudflare showing the user agent or other data to add to the first rule that allows requests to bypass the remaining rules. 27 ### 🚀 How It Works 23 28 24 ### Configure Settings 25 On the plugin's option page: First, add you credentials to the Cloudflare WAF Rules Wizard settings page in the plugin. Your email is the email you log in with. You can retrieve your [API key here](https://dash.cloudflare.com/profile/api-tokens). And [here are instructions](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/) for where you can find your Account ID. 29 1. **Connect Your Cloudflare Account** - Securely enter your API credentials (encrypted and stored safely) 30 2. **Select Your Domains** - View all domains in your account with convenient checkboxes 31 3. **Deploy Rules** - Click once to apply proven security rules across all selected domains 32 4. **Stay Protected** - Your sites are now shielded from common threats and malicious traffic 26 33 27 This will pull in the domains from the Account ID you entered. Select which domains you'd like to apply the WAF rules to. 34 ### 🔥 What Gets Protected 28 35 29 Last, check your Cloudflare WAF Rules to see if they have applied. 36 The plugin deploys **5 powerful security rules** that work together to protect your sites: 30 37 31 ### Delete Settings and Deactivate/Delete 32 After you are done adding your shiny new WAF Rules: ⚠️ **don't forget to click the Delete Settings button** after you are done using this plugin to remove your credentials from the database, for best security practices. They are not encrypted when stored. Maybe future versions will encrypt, delete the options on deactivation, etc. Right now it is a quick and simple plugin for you to use, delete the settings, and then deactivate and delete the plugin. It is not recommended to keep the plugin settings long term, or to keep the plugin active. You can always repeat the above steps later for adding additional domains or deleting and recreating the rules for existing domains. 38 * **Good Bot Allowlist** - Ensures legitimate bots (Google, Bing, monitoring tools) can access your site 39 * **Managed Challenges for Suspicious Traffic** - Automatically challenges requests from certain ASNs and non-US traffic 40 * **Aggressive Crawler Protection** - Blocks unauthorized crawlers and bots (Yandex, Semrush, Ahrefs, etc.) 41 * **VPN & Login Protection** - Adds extra challenges for VPN traffic and WordPress login attempts 42 * **Block Known Threats** - Automatically blocks web hosts, malicious IPs, TOR nodes, and attack vectors 43 44 ### ✨ Premium Features 45 46 Upgrade to unlock advanced customization and enterprise management: 47 48 * **🌐 Multi-Account Management** - Automatically manage domains across ALL your Cloudflare accounts 49 * **✅ Smart Bot Whitelisting** - Built-in checkboxes for 50+ trusted services across 8 categories 50 * **🔧 Custom User Agents** - Add your own user agent strings to the allowlist 51 * **🌍 Custom IP Whitelisting** - Bypass rules for specific trusted IP addresses 52 * **💬 Priority Support** - Get expert help when you need it 53 * **🎯 Advanced Customization** - Fine-tune rules to match your exact requirements 54 55 **[Try Premium Free for 14 Days →](https://5starplugins.com/coming-soon-cloudflare-waf-rules-wizard/)** *(No credit card required)* 56 57 ### 📋 Important Information 58 59 ⚠️ **Rule Replacement:** This plugin replaces existing custom WAF rules on targeted domains. Make sure to back up any custom rules you want to keep. 60 61 ✅ **Compatibility:** Works with Cloudflare Free, Pro, and Business plans. Not compatible with Enterprise plans managed by hosting providers. 62 63 ⚠️ **Service Monitoring:** These rules might challenge some monitoring or uptime services. Check Cloudflare's Events log if services stop connecting, and add exceptions as needed. 64 65 ### 🔐 Security & Privacy 66 67 Your security is our priority: 68 69 * All API credentials are encrypted using military-grade AES-256-CBC encryption 70 * Credentials are securely stored in your WordPress database 71 * Delete settings with one click when not in use 72 * No data is sent to third-party servers (except Cloudflare's API) 73 74 == Installation == 75 76 ### Automatic Installation 77 78 1. Log in to your WordPress admin panel 79 2. Navigate to **Plugins** → **Add New** 80 3. Search for "WAF Security Suite for Cloudflare" 81 4. Click **Install Now** and then **Activate** 82 83 ### Manual Installation 84 85 1. Download the plugin ZIP file 86 2. Log in to your WordPress admin panel 87 3. Navigate to **Plugins** → **Add New** → **Upload Plugin** 88 4. Choose the ZIP file and click **Install Now** 89 5. Click **Activate Plugin** 90 91 ### Getting Started 92 93 1. After activation, navigate to **WAF Security** in your WordPress admin menu 94 2. Enter your Cloudflare credentials: 95 * **API Key** - [Get yours here](https://dash.cloudflare.com/profile/api-tokens) 96 * **API Email** - The email address for your Cloudflare account 97 * **Account ID** (Free version only) - [Find it here](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/) 98 3. Click **Save Settings** to retrieve your domains 99 4. Select the domains you want to protect 100 5. Click **Create/Overwrite All WAF Rules** 101 6. Verify and edit further as needed the rules in your Cloudflare dashboard! 102 103 That's it! Your sites are now protected. 104 105 == Frequently Asked Questions == 106 107 = Will this affect my existing Cloudflare rules? = 108 109 Yes, this plugin **replaces** the 5 custom WAF rules in your Cloudflare configuration. Any existing custom rules will be overwritten. The plugin does not affect Cloudflare's managed rulesets or other settings—only custom WAF rules. 110 111 = Is my API key safe? = 112 113 Absolutely. Your API credentials are encrypted using AES-256-CBC encryption (the same level used by banks) before being stored in your WordPress database. For additional security, you can delete your credentials from the database using the "Delete Settings" button when you're not actively managing rules. 114 115 = What's the difference between Free and Premium? = 116 117 The **Free version** lets you manage domains from a single Cloudflare account by entering your Account ID. The **Premium version** automatically retrieves domains from ALL Cloudflare accounts you have access to, plus adds powerful customization options including built-in bot whitelisting, custom user agents, and custom IP addresses. Premium also includes priority support. 118 119 = Can I use this with Cloudflare Enterprise? = 120 121 This plugin is designed for Cloudflare Free, Pro, and Business plans. Enterprise plans typically have different WAF rule management and may be controlled by your hosting provider, so this plugin may not be compatible. 122 123 = Will this block legitimate bots like Google? = 124 125 No. The first rule explicitly allows verified bots from major search engines (Google, Bing), monitoring services, and other legitimate services. The Premium version offers even more control with 50+ built-in trusted services you can whitelist. 126 127 = What happens if a monitoring service gets blocked? = 128 129 If you notice a service can't connect after applying rules, check Cloudflare's Events log to see what was blocked. You can then add that service's user agent or IP to the allowlist. Premium users can do this directly in the plugin with custom user agents and IP fields. 130 131 == Screenshots == 132 133 1. Main settings page with domain selection 134 2. API credentials configuration (securely encrypted) 135 3. Premium Good Bot customization options 136 4. Successfully deployed rules confirmation 137 5. Cloudflare dashboard showing applied WAF rules 138 139 == Changelog == 140 141 = 1.0.0 - 2026-01-31 = 142 * 🎉 Initial release 143 * ✅ Bulk WAF rule deployment across multiple domains 144 * 🔐 AES-256-CBC encryption for API credentials 145 * 🌟 5 pre-configured security rules 146 * 🚀 Premium version with multi-account support 147 * ✨ Premium: 50+ built-in trusted bot checkboxes 148 * 🎯 Premium: Custom user agent whitelisting 149 * 🌍 Premium: Custom IP address whitelisting 150 * 💬 Premium: Priority support 151 * 📱 Responsive admin interface 152 * 🎨 Modern UI with dark header design 153 154 == Upgrade Notice == 155 156 = 1.0.0 = 157 Initial release of WAF Security Suite for Cloudflare. Deploy comprehensive security rules to all your Cloudflare domains with one click!
Note: See TracChangeset
for help on using the changeset viewer.