Syncs Wordfence IP blocks to Cloudflare's WAF for high-performance, DNS-level security.
- Syncs IP blocks from Wordfence to Cloudflare Firewall Rules
- DNS-level blocking to reduce server resource usage
- Automatic cron-based syncing
- Manual "Sync Now" + "Cleanup Now" buttons
- Cloudflare rule reconciliation (detect drift)
- Expired block cleanup and retry logic
- Built-in logging and admin UI
- Multisite-compatible (per-site sync)
- On sync, the plugin reads Wordfence's current block list
- It pushes valid IPs to Cloudflare's WAF using their API
- Expired or removed blocks are cleaned up from Cloudflare
- A database table tracks block history, sync logs, and retry attempts
-
Clone/download this repo:
git clone https://github.com/yourname/wordfence-cloudflare-firewall-sync.git
-
Copy the
src/folder into:/wp-content/plugins/wordfence-cloudflare-firewall-sync/ -
Activate the plugin from the WordPress admin panel
-
Go to:
Settings → Firewall Sync -
Enter your Cloudflare API Token and Zone ID
This plugin requires a restricted Cloudflare API token with:
Zone → Firewall Services: EditZone → Zone Settings: ReadZone → Zone: Read
To generate a token:
- Visit: https://dash.cloudflare.com/profile/api-tokens
- Click “Create Token”
- Set the permissions above for your domain
- Copy and paste the token into the plugin settings
Do not share this token — treat it like a password.
You can also install the plugin from the .zip file attached to each GitHub Release.
- Admin panel with sync status and logs
- CLI-ready internal architecture
- GitHub Actions for automatic zipping & releases
- Makefile for clean versioned tagging
- VS Code Dev Container
- Rule reconciliation fixes
- Visual sync/block stats
- Cloudflare error alerting
- Translation contributions
PRs welcome. Please ensure coding style follows PSR-12 with the exception of following 1TBS.
To test:
make format
make potGPLv2 — same as WordPress.
This plugin is not officially affiliated with Wordfence or Cloudflare. Use at your own risk.