Even though we’re making sure that WordStress cannot be used with malicious intent by forcing the WordStress Companion tool to be installed on the target website, it doesn’t mean that services like CloudFlare do not see our requests are suspicious – we’re firing hundres of requests at the same time after all.
How to configure CloudFlare to whitelist WordStress requests?
CloudFlare has a great user interface to quickly set this up. Follow these steps to whitelist WordStress requests:
- Login to your CloudFlare Dashboard
- Select your website
- Go to Security -> WAF -> Custom Rules
- Click ‘Create rule’
- Enter a name for your rule, like ‘Always Allow WordStress’
- In the Field dropdown, select ‘Header’
- Enter
x-wordstressin the name field - Set the operator to ‘equals’
- And enter
truefor the value - Scroll down to ‘Then take action…’
- Select ‘Skip’ from the Choose action dropdown
- Click the ‘Deploy’ button in the bottom right corner
That’s it! CloudFlare will now allow requests from WordStress. Make sure to disable the rule after you’re done load testing!
Leave a Reply