For a long time, finding a better way to secure login page, finding a better way to protect wp-login.php page from attackers. And finally have found a solution, CloudFlare Access is protecting our login page now. Access is really a nice feature by CloudFlare – the largest security provider available on the web.
Why We Use CloudFlare Access?
First visit our login page to view the magic, our login page is protected by CloudFlare security! By using the feature in login page, we are enjoying many benefits. It is not like the usual two factor authentication. It is actually two factor authentication of the login page by using CloudFlare secure server!
If you use two factor authentication plugin, attackers have options to try different usernames and passwords because two factor comes after username and password. By doing the process again and again, attackers can do serious damage to your website’s server and the server may go down in this process.
That’s why, we are using CloudFlare Access over two factor authentication. It doesn’t allow attackers to access the login page before authenticated. And your server will be safe as it should be because everything will happen in CloudFlare’s server. Most importantly, you can rely on CloudFlare – the big name in the security field.
The other reason is, we can monitor who had accessed the login page and when! Really nice to have access audit, it is very useful for team-work. There are some other reasons you should try this feature described in their blog post. Let’s learn, how to enable email authentication to secure login page by CloudFlare Access.
Process to Secure Login Page by Access
There are many authentication options available in CloudFlare Access settings. We will not discuss about all authentication options. We’ll show you how to enable email authentication to access your website’s login page. To enable email authentication, do the following steps –
1. Go to CloudFlare Access Page
Login to your CloudFlare account and go to Access settings page. This page looks like the image –
Important : You may need to apply to enable Access feature for your account. If you didn’t apply yet, there will be a link to apply. Then click on the link and you will get confirmation email of approval soon (in most cases).
2. Add a One-Time Pin Login Method
Click on “Add” available under “Login Methods” (see the previous image) and then select “One-Time Pin” option.
3. Setup a Login Page Domain (Optional)
Set up this under “Login Page Domain” (see the previous image). There should be a value already, so you may ignore this. But you can change existing value if you wish to change.
4. Customize Your Login Page (Optional)
You can customize login page by clicking on the image under “Customize Your Login Page” (see previous image). You can customize everything as your liking like the image! Click on “Save” after modification.
5. Create Access Policy
Most important step! To create access policy click on “Create Access Policy” (see the first image) and then set up everything like the image. You can change /wp-login.php to any page you want to protect! Don’t forget to change email@example.com to the one where you want to get authentication code.
Click on “Save” after modification. You can edit the created access policy and can revoke existing access anytime as you wish! You can also create another access policy to protect another page.
After the Modifications
After all the modifications to secure login page described above, the authentication page looks like the image. You have to enter the email that you set up in access policy and then click on “Send me a code” button.
If your email matches with the first one, you will get authentication code by the email from CloudFlare Access. Now Copy the code from the email you received and Paste it to the next window and click on “Login” button.
After this, you will be redirected to the page you protected. By this process, you can protect any page you want. Another good thing is, you can monitor access logs within the CloudFlare Access page. By the way, you should not miss the feature anyway. It really ensures better login page security.
That’s it. Have a say? Let’s discuss through comments. We will be really happy to assist you.