WP WAF Manager: Cloudflare Control from WordPress Dashboard

Nahnu Plugins has launched WP WAF Manager, a WordPress plugin that enables site owners, developers, freelancers, and agencies to manage Cloudflare tools directly from the WordPress admin dashboard. The plugin connects via the Cloudflare API and provides controls for WAF rules, DNS records, zone settings, IP access rules, security events, analytics, email routing, and multi-account management—all without leaving WordPress. This solves a key pain point for agencies: instead of switching between multiple Cloudflare dashboards, they can now handle security and performance tasks for client sites from a single interface.

The plugin includes five pre-tested firewall rules based on the open-source wafrules.com ruleset, targeting bad bots, SQL injection, path traversal, VPN traffic, and other common threats. These rules are applied at the edge before traffic reaches the WordPress server, enhancing security. A notable feature is the separation of custom IP and user agent allowlists from the base ruleset, allowing users to update the main rules without losing custom settings—a critical advantage for agencies managing multiple sites. Additionally, WP WAF Manager supports DNS management, cache purge, Under Attack Mode, Development Mode, SSL settings, and email routing from within WordPress.

WP WAF Manager uses scoped Cloudflare API tokens for secure, permission-limited connections, avoiding the need for a full Global API Key. It works with Cloudflare Free for most features, though the Security Events viewer requires Cloudflare Pro or higher. The plugin is available as a free, open-source release under the MIT license on GitHub, with a Pro license offering automatic updates and priority support. For more details, visit the WP WAF Manager website, check the documentation, or explore Nahnu Plugins.