Changeset 3451154

Timestamp:

01/31/2026 08:35:24 PM (3 weeks ago)

Author:

5starplugins

Message:

Update readme

Location:

waf-security-suite-for-cloudflare

Files:

• tags/1.0/readme.txt (modified) (1 diff)
• trunk/readme.txt (modified) (1 diff)

waf-security-suite-for-cloudflare/tags/1.0/readme.txt

@@ -2 +2 @@
 Contributors: 5starplugins
 Tags: cloudflare, waf rules, security, firewall, bot protection
+Requires at least: 6.0
 Tested up to: 6.9
+Requires PHP: 7.4
 Stable tag: 1.0
 License: GPLv3 or later
+License URI: https://www.gnu.org/licenses/gpl-3.0.html
 
-A plugin to bulk create and manage WAF rules within Cloudflare across multiple accounts.
+Bulk deploy powerful WAF security rules to all your Cloudflare domains with one click. Protect your sites from bots, malicious traffic, and threats.
 
 == Description ==
 
-#### A plugin to bulk create and manage WAF rules within Cloudflare across multiple accounts, using your Cloudflare API key.
+**Supercharge your website security in minutes!** WAF Security Suite for Cloudflare lets you deploy enterprise-grade Web Application Firewall rules across all your domains instantly—no technical expertise required.
 
-### Summary
-This plugin can be installed on any WordPress site you own, and then use it to bulk create the rules to as many domains in your Cloudflare account, including delegated member accounts you have access to.
+### 🛡️ Why WAF Security Suite?
 
-It takes your Cloudflare API key, email, and account ID, and then gets all the domains in that account, and displays a checkbox list of them all, and you can choose the domains you want to add Troy’s WAF rules to, and bulk update all the domains with one click. Please see the notes and security tips in the plugin settings page.
+Managing security rules across multiple Cloudflare domains is tedious and time-consuming. This plugin streamlines the process, allowing you to:
 
-### Some Important Notes
-⚠️ **Please note that this plugin overwites the 5 WAF rules on all domains, it will erase the existing rules and create new ones.** These 5 rules should work with Cloudflare Free, Pro and Business plans. They do not work for Enterprise Cloudflare, which most likely your web hosting provider controls directly.
+* **Deploy in One Click** - Apply comprehensive WAF rules to multiple domains simultaneously
+* **Save Time** - No more manually configuring rules on each domain
+* **Enterprise Security** - Protect against bots, aggressive crawlers, malicious IPs, and common threats
+* **Bank-Level Encryption** - Your API credentials are secured with AES-256-CBC encryption
+* **Multi-Account Support** - Manage domains across different Cloudflare accounts (Premium)
 
-⚠️ **Use at your own risk.** These rules may block certain services such as monitoring, uptime, or CDN services, so you may need to add exclusions if those services suddenly can't connect to your domain(s), using the Events log in Cloudflare showing the user agent or other data to add to the first rule that allows requests to bypass the remaining rules.
+### 🚀 How It Works
 
-### Configure Settings
-On the plugin's option page: First, add you credentials to the Cloudflare WAF Rules Wizard settings page in the plugin. Your email is the email you log in with. You can retrieve your [API key here](https://dash.cloudflare.com/profile/api-tokens). And [here are instructions](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/)  for where you can find your Account ID.
+1. **Connect Your Cloudflare Account** - Securely enter your API credentials (encrypted and stored safely)
+2. **Select Your Domains** - View all domains in your account with convenient checkboxes
+3. **Deploy Rules** - Click once to apply proven security rules across all selected domains
+4. **Stay Protected** - Your sites are now shielded from common threats and malicious traffic
 
-This will pull in the domains from the Account ID you entered. Select which domains you'd like to apply the WAF rules to.
+### 🔥 What Gets Protected
 
-Last, check your Cloudflare WAF Rules to see if they have applied.
+The plugin deploys **5 powerful security rules** that work together to protect your sites:
 
-### Delete Settings and Deactivate/Delete
-After you are done adding your shiny new WAF Rules: ⚠️ **don't forget to click the Delete Settings button** after you are done using this plugin to remove your credentials from the database, for best security practices. They are not encrypted when stored. Maybe future versions will encrypt, delete the options on deactivation, etc. Right now it is a quick and simple plugin for you to use, delete the settings, and then deactivate and delete the plugin. It is not recommended to keep the plugin settings long term, or to keep the plugin active. You can always repeat the above steps later for adding additional domains or deleting and recreating the rules for existing domains.
+* **Good Bot Allowlist** - Ensures legitimate bots (Google, Bing, monitoring tools) can access your site
+* **Managed Challenges for Suspicious Traffic** - Automatically challenges requests from certain ASNs and non-US traffic
+* **Aggressive Crawler Protection** - Blocks unauthorized crawlers and bots (Yandex, Semrush, Ahrefs, etc.)
+* **VPN & Login Protection** - Adds extra challenges for VPN traffic and WordPress login attempts
+* **Block Known Threats** - Automatically blocks web hosts, malicious IPs, TOR nodes, and attack vectors
+
+### ✨ Premium Features
+
+Upgrade to unlock advanced customization and enterprise management:
+
+* **🌐 Multi-Account Management** - Automatically manage domains across ALL your Cloudflare accounts
+* **✅ Smart Bot Whitelisting** - Built-in checkboxes for 50+ trusted services across 8 categories
+* **🔧 Custom User Agents** - Add your own user agent strings to the allowlist
+* **🌍 Custom IP Whitelisting** - Bypass rules for specific trusted IP addresses
+* **💬 Priority Support** - Get expert help when you need it
+* **🎯 Advanced Customization** - Fine-tune rules to match your exact requirements
+
+**[Try Premium Free for 14 Days →](https://5starplugins.com/coming-soon-cloudflare-waf-rules-wizard/)** *(No credit card required)*
+
+### 📋 Important Information
+
+⚠️ **Rule Replacement:** This plugin replaces existing custom WAF rules on targeted domains. Make sure to back up any custom rules you want to keep.
+
+✅ **Compatibility:** Works with Cloudflare Free, Pro, and Business plans. Not compatible with Enterprise plans managed by hosting providers.
+
+⚠️ **Service Monitoring:** These rules might challenge some monitoring or uptime services. Check Cloudflare's Events log if services stop connecting, and add exceptions as needed.
+
+### 🔐 Security & Privacy
+
+Your security is our priority:
+
+* All API credentials are encrypted using military-grade AES-256-CBC encryption
+* Credentials are securely stored in your WordPress database
+* Delete settings with one click when not in use
+* No data is sent to third-party servers (except Cloudflare's API)
+
+== Installation ==
+
+### Automatic Installation
+
+1. Log in to your WordPress admin panel
+2. Navigate to **Plugins** → **Add New**
+3. Search for "WAF Security Suite for Cloudflare"
+4. Click **Install Now** and then **Activate**
+
+### Manual Installation
+
+1. Download the plugin ZIP file
+2. Log in to your WordPress admin panel
+3. Navigate to **Plugins** → **Add New** → **Upload Plugin**
+4. Choose the ZIP file and click **Install Now**
+5. Click **Activate Plugin**
+
+### Getting Started
+
+1. After activation, navigate to **WAF Security** in your WordPress admin menu
+2. Enter your Cloudflare credentials:
+   * **API Key** - [Get yours here](https://dash.cloudflare.com/profile/api-tokens)
+   * **API Email** - The email address for your Cloudflare account
+   * **Account ID** (Free version only) - [Find it here](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/)
+3. Click **Save Settings** to retrieve your domains
+4. Select the domains you want to protect
+5. Click **Create/Overwrite All WAF Rules**
+6. Verify and edit further as needed the rules in your Cloudflare dashboard!
+
+That's it! Your sites are now protected.
+
+== Frequently Asked Questions ==
+
+= Will this affect my existing Cloudflare rules? =
+
+Yes, this plugin **replaces** the 5 custom WAF rules in your Cloudflare configuration. Any existing custom rules will be overwritten. The plugin does not affect Cloudflare's managed rulesets or other settings—only custom WAF rules.
+
+= Is my API key safe? =
+
+Absolutely. Your API credentials are encrypted using AES-256-CBC encryption (the same level used by banks) before being stored in your WordPress database. For additional security, you can delete your credentials from the database using the "Delete Settings" button when you're not actively managing rules.
+
+= What's the difference between Free and Premium? =
+
+The **Free version** lets you manage domains from a single Cloudflare account by entering your Account ID. The **Premium version** automatically retrieves domains from ALL Cloudflare accounts you have access to, plus adds powerful customization options including built-in bot whitelisting, custom user agents, and custom IP addresses. Premium also includes priority support.
+
+= Can I use this with Cloudflare Enterprise? =
+
+This plugin is designed for Cloudflare Free, Pro, and Business plans. Enterprise plans typically have different WAF rule management and may be controlled by your hosting provider, so this plugin may not be compatible.
+
+= Will this block legitimate bots like Google? =
+
+No. The first rule explicitly allows verified bots from major search engines (Google, Bing), monitoring services, and other legitimate services. The Premium version offers even more control with 50+ built-in trusted services you can whitelist.
+
+= What happens if a monitoring service gets blocked? =
+
+If you notice a service can't connect after applying rules, check Cloudflare's Events log to see what was blocked. You can then add that service's user agent or IP to the allowlist. Premium users can do this directly in the plugin with custom user agents and IP fields.
+
+== Screenshots ==
+
+1. Main settings page with domain selection
+2. API credentials configuration (securely encrypted)
+3. Premium Good Bot customization options
+4. Successfully deployed rules confirmation
+5. Cloudflare dashboard showing applied WAF rules
+
+== Changelog ==
+
+= 1.0.0 - 2026-01-31 =
+* 🎉 Initial release
+* ✅ Bulk WAF rule deployment across multiple domains
+* 🔐 AES-256-CBC encryption for API credentials
+* 🌟 5 pre-configured security rules
+* 🚀 Premium version with multi-account support
+* ✨ Premium: 50+ built-in trusted bot checkboxes
+* 🎯 Premium: Custom user agent whitelisting
+* 🌍 Premium: Custom IP address whitelisting
+* 💬 Premium: Priority support
+* 📱 Responsive admin interface
+* 🎨 Modern UI with dark header design
+
+== Upgrade Notice ==
+
+= 1.0.0 =
+Initial release of WAF Security Suite for Cloudflare. Deploy comprehensive security rules to all your Cloudflare domains with one click!

waf-security-suite-for-cloudflare/trunk/readme.txt

@@ -2 +2 @@
 Contributors: 5starplugins
 Tags: cloudflare, waf rules, security, firewall, bot protection
+Requires at least: 6.0
 Tested up to: 6.9
+Requires PHP: 7.4
 Stable tag: 1.0
 License: GPLv3 or later
+License URI: https://www.gnu.org/licenses/gpl-3.0.html
 
-A plugin to bulk create and manage WAF rules within Cloudflare across multiple accounts.
+Bulk deploy powerful WAF security rules to all your Cloudflare domains with one click. Protect your sites from bots, malicious traffic, and threats.
 
 == Description ==
 
-#### A plugin to bulk create and manage WAF rules within Cloudflare across multiple accounts, using your Cloudflare API key.
+**Supercharge your website security in minutes!** WAF Security Suite for Cloudflare lets you deploy enterprise-grade Web Application Firewall rules across all your domains instantly—no technical expertise required.
 
-### Summary
-This plugin can be installed on any WordPress site you own, and then use it to bulk create the rules to as many domains in your Cloudflare account, including delegated member accounts you have access to.
+### 🛡️ Why WAF Security Suite?
 
-It takes your Cloudflare API key, email, and account ID, and then gets all the domains in that account, and displays a checkbox list of them all, and you can choose the domains you want to add Troy’s WAF rules to, and bulk update all the domains with one click. Please see the notes and security tips in the plugin settings page.
+Managing security rules across multiple Cloudflare domains is tedious and time-consuming. This plugin streamlines the process, allowing you to:
 
-### Some Important Notes
-⚠️ **Please note that this plugin overwites the 5 WAF rules on all domains, it will erase the existing rules and create new ones.** These 5 rules should work with Cloudflare Free, Pro and Business plans. They do not work for Enterprise Cloudflare, which most likely your web hosting provider controls directly.
+* **Deploy in One Click** - Apply comprehensive WAF rules to multiple domains simultaneously
+* **Save Time** - No more manually configuring rules on each domain
+* **Enterprise Security** - Protect against bots, aggressive crawlers, malicious IPs, and common threats
+* **Bank-Level Encryption** - Your API credentials are secured with AES-256-CBC encryption
+* **Multi-Account Support** - Manage domains across different Cloudflare accounts (Premium)
 
-⚠️ **Use at your own risk.** These rules may block certain services such as monitoring, uptime, or CDN services, so you may need to add exclusions if those services suddenly can't connect to your domain(s), using the Events log in Cloudflare showing the user agent or other data to add to the first rule that allows requests to bypass the remaining rules.
+### 🚀 How It Works
 
-### Configure Settings
-On the plugin's option page: First, add you credentials to the Cloudflare WAF Rules Wizard settings page in the plugin. Your email is the email you log in with. You can retrieve your [API key here](https://dash.cloudflare.com/profile/api-tokens). And [here are instructions](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/)  for where you can find your Account ID.
+1. **Connect Your Cloudflare Account** - Securely enter your API credentials (encrypted and stored safely)
+2. **Select Your Domains** - View all domains in your account with convenient checkboxes
+3. **Deploy Rules** - Click once to apply proven security rules across all selected domains
+4. **Stay Protected** - Your sites are now shielded from common threats and malicious traffic
 
-This will pull in the domains from the Account ID you entered. Select which domains you'd like to apply the WAF rules to.
+### 🔥 What Gets Protected
 
-Last, check your Cloudflare WAF Rules to see if they have applied.
+The plugin deploys **5 powerful security rules** that work together to protect your sites:
 
-### Delete Settings and Deactivate/Delete
-After you are done adding your shiny new WAF Rules: ⚠️ **don't forget to click the Delete Settings button** after you are done using this plugin to remove your credentials from the database, for best security practices. They are not encrypted when stored. Maybe future versions will encrypt, delete the options on deactivation, etc. Right now it is a quick and simple plugin for you to use, delete the settings, and then deactivate and delete the plugin. It is not recommended to keep the plugin settings long term, or to keep the plugin active. You can always repeat the above steps later for adding additional domains or deleting and recreating the rules for existing domains.
+* **Good Bot Allowlist** - Ensures legitimate bots (Google, Bing, monitoring tools) can access your site
+* **Managed Challenges for Suspicious Traffic** - Automatically challenges requests from certain ASNs and non-US traffic
+* **Aggressive Crawler Protection** - Blocks unauthorized crawlers and bots (Yandex, Semrush, Ahrefs, etc.)
+* **VPN & Login Protection** - Adds extra challenges for VPN traffic and WordPress login attempts
+* **Block Known Threats** - Automatically blocks web hosts, malicious IPs, TOR nodes, and attack vectors
+
+### ✨ Premium Features
+
+Upgrade to unlock advanced customization and enterprise management:
+
+* **🌐 Multi-Account Management** - Automatically manage domains across ALL your Cloudflare accounts
+* **✅ Smart Bot Whitelisting** - Built-in checkboxes for 50+ trusted services across 8 categories
+* **🔧 Custom User Agents** - Add your own user agent strings to the allowlist
+* **🌍 Custom IP Whitelisting** - Bypass rules for specific trusted IP addresses
+* **💬 Priority Support** - Get expert help when you need it
+* **🎯 Advanced Customization** - Fine-tune rules to match your exact requirements
+
+**[Try Premium Free for 14 Days →](https://5starplugins.com/coming-soon-cloudflare-waf-rules-wizard/)** *(No credit card required)*
+
+### 📋 Important Information
+
+⚠️ **Rule Replacement:** This plugin replaces existing custom WAF rules on targeted domains. Make sure to back up any custom rules you want to keep.
+
+✅ **Compatibility:** Works with Cloudflare Free, Pro, and Business plans. Not compatible with Enterprise plans managed by hosting providers.
+
+⚠️ **Service Monitoring:** These rules might challenge some monitoring or uptime services. Check Cloudflare's Events log if services stop connecting, and add exceptions as needed.
+
+### 🔐 Security & Privacy
+
+Your security is our priority:
+
+* All API credentials are encrypted using military-grade AES-256-CBC encryption
+* Credentials are securely stored in your WordPress database
+* Delete settings with one click when not in use
+* No data is sent to third-party servers (except Cloudflare's API)
+
+== Installation ==
+
+### Automatic Installation
+
+1. Log in to your WordPress admin panel
+2. Navigate to **Plugins** → **Add New**
+3. Search for "WAF Security Suite for Cloudflare"
+4. Click **Install Now** and then **Activate**
+
+### Manual Installation
+
+1. Download the plugin ZIP file
+2. Log in to your WordPress admin panel
+3. Navigate to **Plugins** → **Add New** → **Upload Plugin**
+4. Choose the ZIP file and click **Install Now**
+5. Click **Activate Plugin**
+
+### Getting Started
+
+1. After activation, navigate to **WAF Security** in your WordPress admin menu
+2. Enter your Cloudflare credentials:
+   * **API Key** - [Get yours here](https://dash.cloudflare.com/profile/api-tokens)
+   * **API Email** - The email address for your Cloudflare account
+   * **Account ID** (Free version only) - [Find it here](https://developers.cloudflare.com/fundamentals/setup/find-account-and-zone-ids/)
+3. Click **Save Settings** to retrieve your domains
+4. Select the domains you want to protect
+5. Click **Create/Overwrite All WAF Rules**
+6. Verify and edit further as needed the rules in your Cloudflare dashboard!
+
+That's it! Your sites are now protected.
+
+== Frequently Asked Questions ==
+
+= Will this affect my existing Cloudflare rules? =
+
+Yes, this plugin **replaces** the 5 custom WAF rules in your Cloudflare configuration. Any existing custom rules will be overwritten. The plugin does not affect Cloudflare's managed rulesets or other settings—only custom WAF rules.
+
+= Is my API key safe? =
+
+Absolutely. Your API credentials are encrypted using AES-256-CBC encryption (the same level used by banks) before being stored in your WordPress database. For additional security, you can delete your credentials from the database using the "Delete Settings" button when you're not actively managing rules.
+
+= What's the difference between Free and Premium? =
+
+The **Free version** lets you manage domains from a single Cloudflare account by entering your Account ID. The **Premium version** automatically retrieves domains from ALL Cloudflare accounts you have access to, plus adds powerful customization options including built-in bot whitelisting, custom user agents, and custom IP addresses. Premium also includes priority support.
+
+= Can I use this with Cloudflare Enterprise? =
+
+This plugin is designed for Cloudflare Free, Pro, and Business plans. Enterprise plans typically have different WAF rule management and may be controlled by your hosting provider, so this plugin may not be compatible.
+
+= Will this block legitimate bots like Google? =
+
+No. The first rule explicitly allows verified bots from major search engines (Google, Bing), monitoring services, and other legitimate services. The Premium version offers even more control with 50+ built-in trusted services you can whitelist.
+
+= What happens if a monitoring service gets blocked? =
+
+If you notice a service can't connect after applying rules, check Cloudflare's Events log to see what was blocked. You can then add that service's user agent or IP to the allowlist. Premium users can do this directly in the plugin with custom user agents and IP fields.
+
+== Screenshots ==
+
+1. Main settings page with domain selection
+2. API credentials configuration (securely encrypted)
+3. Premium Good Bot customization options
+4. Successfully deployed rules confirmation
+5. Cloudflare dashboard showing applied WAF rules
+
+== Changelog ==
+
+= 1.0.0 - 2026-01-31 =
+* 🎉 Initial release
+* ✅ Bulk WAF rule deployment across multiple domains
+* 🔐 AES-256-CBC encryption for API credentials
+* 🌟 5 pre-configured security rules
+* 🚀 Premium version with multi-account support
+* ✨ Premium: 50+ built-in trusted bot checkboxes
+* 🎯 Premium: Custom user agent whitelisting
+* 🌍 Premium: Custom IP address whitelisting
+* 💬 Premium: Priority support
+* 📱 Responsive admin interface
+* 🎨 Modern UI with dark header design
+
+== Upgrade Notice ==
+
+= 1.0.0 =
+Initial release of WAF Security Suite for Cloudflare. Deploy comprehensive security rules to all your Cloudflare domains with one click!