With a very simple Cloudflare firewall rule, you can disable your website for everyone else, except yourself. And this is the ONLY safe way to restore a backup of your website. OR, in case you want to temporarily hide your site from everyone else. Generally while restoring backups, WordPress has no powers to protect itself. During the restoration process, if the domain is accessible to the public, anyone can download the files on your website.
While reinstalling WordPress Backups, you may also think that you will disable ‘directory listing’ through ‘.htaccess’. That’s true. But during restoration, the old ‘.htaccess’ will be deleted and a new ‘.htaccess’ file is created, which exposes the website to the public.
The only condition for this article to work is that your domain should be pointing its Name Servers to Cloudflare.
All the steps to be followed are neatly explained. If this article was helpful, kindly let us know in the comments. Or, if you have any other ideas to achieve the same, let us know.
First, Login to Cloudflare, Go to ‘Firewall’ Tab and select ‘Firewall Rules’.
Add a new Rule with the Below Content. Here I have added a Cookie with name, ilike=wpclimax. You can add whatever you want. Keep it simple.
As you can see, I have added a Firewall Rule to my test site, “wpclimax.info”. Once added, go to the Firewall Rules list and ‘Switch Off’ other rules (if any). Also, move this rule to the top of others.
Once the rule is added, it works instant. You don’t have to wait at all. When I check my site in a new window, here is what I see. ” Error 1020″,
How this works is, when someone tries to visit the domain (wpclimax.info in my case), it will search for the cookie with name: ilike with value: wpclimax. If it finds, it will unblock the website.
So, now how do you access your own site? It’s simple. Open the website in any Browser, which will be obviously blocked, Open the inspect element and add the cookie that you created in the Storage tab under Applications. OR, use any ‘Cookie Editor’ chrome extension. Once the Cookie Editor Browser extension is installed, add a new cookie as defined below.
Now if you refresh your Website, Viola!, it’s viewable for you only. For others, it’s Blocked. Technically the Cookie you added is your Password. You can now log in to your site just like before.
If you have a dedicated IP (static IP) for your Internet Connection, you can use IP Condition in the same Firewall Rule. Only you can open your website. No hassle of adding cookies.
I am using this procedure for many years now, If you found this useful, share it with others too. For any questions/ queries, let us know.