https://github.com/notmike101/wordfence-cloudflare-firewall-sync
Sync Wordfence IP blocks to Cloudflare's WAF to block threats at the DNS level — with support for cron, retry logic, and deduplicated sync.
https://github.com/notmike101/wordfence-cloudflare-firewall-sync
cloudflare wordfence wordpress wordpress-plugin
Last synced: 2 months ago
JSON representation
Sync Wordfence IP blocks to Cloudflare's WAF to block threats at the DNS level — with support for cron, retry logic, and deduplicated sync.
- Host: GitHub
- URL: https://github.com/notmike101/wordfence-cloudflare-firewall-sync
- Owner: notmike101
- Created: 2025-03-30T10:37:43.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2025-03-30T21:46:43.000Z (over 1 year ago)
- Last Synced: 2025-03-30T22:20:03.599Z (over 1 year ago)
- Topics: cloudflare, wordfence, wordpress, wordpress-plugin
- Language: PHP
- Homepage:
- Size: 30.3 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# Wordfence Cloudflare Firewall Sync
Syncs Wordfence IP blocks to Cloudflare's WAF for high-performance, DNS-level security.



---
## Features
- Syncs IP blocks from Wordfence to Cloudflare Firewall Rules
- DNS-level blocking to reduce server resource usage
- Automatic cron-based syncing
- Manual "Sync Now" + "Cleanup Now" buttons
- Cloudflare rule reconciliation (detect drift)
- Expired block cleanup and retry logic
- Built-in logging and admin UI
- Multisite-compatible (per-site sync)
---
## How It Works
- On sync, the plugin reads Wordfence's current block list
- It pushes valid IPs to Cloudflare's WAF using their API
- Expired or removed blocks are cleaned up from Cloudflare
- A database table tracks block history, sync logs, and retry attempts
---
## Installation
1. Clone/download this repo:
```bash
git clone https://github.com/yourname/wordfence-cloudflare-firewall-sync.git
```
2. Copy the `src/` folder into:
```
/wp-content/plugins/wordfence-cloudflare-firewall-sync/
```
3. Activate the plugin from the WordPress admin panel
4. Go to:
```
Settings → Firewall Sync
```
5. Enter your Cloudflare API Token and Zone ID
---
## Cloudflare Token Permissions
This plugin requires a restricted Cloudflare API token with:
- `Zone → Firewall Services: Edit`
- `Zone → Zone Settings: Read`
- `Zone → Zone: Read`
To generate a token:
1. Visit: [https://dash.cloudflare.com/profile/api-tokens](https://dash.cloudflare.com/profile/api-tokens)
2. Click “Create Token”
3. Set the permissions above for your domain
4. Copy and paste the token into the plugin settings
Do not share this token — treat it like a password.
## GitHub Releases
You can also install the plugin from the `.zip` file attached to each [GitHub Release](https://github.com/yourname/wordfence-cloudflare-firewall-sync/releases).
---
## Dev Features
- Admin panel with sync status and logs
- CLI-ready internal architecture
- GitHub Actions for automatic zipping & releases
- Makefile for clean versioned tagging
- VS Code Dev Container
---
## Roadmap
- [ ] Rule reconciliation fixes
- [ ] Visual sync/block stats
- [ ] Cloudflare error alerting
- [ ] Translation contributions
---
## Contributions
PRs welcome. Please ensure coding style follows PSR-12 with the exception of following 1TBS.
To test:
```bash
make format
make pot
```
---
## License
GPLv2 — same as WordPress.
---
## Disclaimer
This plugin is not officially affiliated with Wordfence or Cloudflare. Use at your own risk.