WP WAF Manager Plugin Integrates Cloudflare Firewall Management Into WordPress Dashboard

WordPress site owners and agencies now have a new tool for managing Cloudflare security features directly from their WordPress dashboard. WP WAF Manager, developed by Nahnu Plugins, connects to Cloudflare via API and provides control over WAF rules, DNS records, IP access rules, security events, and more without leaving the WordPress admin interface.

The plugin addresses a common pain point for agencies that manage multiple client websites. Normally, adjusting Cloudflare settings for each site requires logging into separate Cloudflare dashboards, repeating rule updates, and switching between accounts. WP WAF Manager consolidates these tasks into the WordPress environment where agencies already handle client site management.

From a security perspective, the plugin helps WordPress site owners deploy edge-level protections by applying Cloudflare WAF rules before traffic reaches the WordPress server. It includes five tested firewall rules based on the open-source wafrules.com ruleset. These rules target bad bots, SQL injection attempts, path traversal, VPN traffic, and web hosting ASN traffic, among other attack patterns.

A notable feature is the separation of custom IP and user agent allowlists from the base WAF ruleset. This allows users to update the main ruleset without losing their custom allowlist settings. For agencies, this reduces the risk of overwriting important access rules during security updates.

Beyond WAF rules, WP WAF Manager offers Cloudflare DNS management from within WordPress. Users can manage DNS records, zone controls, cache purge, Under Attack Mode, Development Mode, SSL settings, IP access rules, security events, and email routing without leaving the admin dashboard.

The plugin uses scoped Cloudflare API tokens as the recommended connection method. Scoped tokens allow users to grant only the permissions the plugin needs, providing better control than using a full Cloudflare Global API Key. Most features work with Cloudflare Free, though the Security Events viewer requires Cloudflare Pro or higher due to its reliance on the Cloudflare Events API.

WP WAF Manager is available as a free, open-source plugin on GitHub under the MIT license. A Pro license is available for those who want automatic plugin updates inside WordPress admin and priority email support. More information can be found on the plugin's website and documentation pages.