CloudFlare Firewall Ayarları Nasıl Yapılır? CloudFlare Firewall ile Wordpress Güvenliği Nasıl Sağlanır?

(cf.threat_score gt 14) or 
(not http.request.version in {"HTTP/1.0" "HTTP/1.1" "HTTP/1.2" "HTTP/2" "HTTP/3" "SPDY/3.1"}) or
(http.host eq "mertcangokgoz.com" and not cf.edge.server_port in {80 443}) or
(http.request.uri.path contains "/phpunit") or 
(http.request.uri contains "<?php") or 
(http.cookie contains "<?php") or 
(http.request.full_uri contains "passwd") or 
(http.request.uri contains "/dfs/") or 
(http.request.uri contains "/autodiscover/") or 
(http.request.uri contains "/wpad.") or 
(http.request.uri contains "wallet.dat") or 
(http.request.uri contains "/.env") or
(http.request.uri contains "../") or
(http.request.full_uri contains "webconfig.txt") or 
(http.request.full_uri contains "vuln.") or 
(http.request.uri contains ".sql") or 
(http.request.uri contains ".bak") or 
(http.request.uri contains ".cfg") or 
(http.request.uri contains ".env") or 
(http.request.uri contains ".ini") or 
(http.request.uri contains ".log") or 
(http.request.uri.query contains "bin.com/") or 
(http.request.uri.query contains "bin.net/") or 
(raw.http.request.uri.query contains "?%00") or 
(http.request.uri.query contains "eval(") or 
(http.request.uri.query contains "base64") or 
(http.request.uri.query contains "var_dump") or 
(http.request.uri.query contains "<script") or 
(http.request.uri.query contains "%3Cscript") or 
(http.cookie contains "<script") or 
(http.referer contains "<script") or 
(upper(http.request.uri.query) contains " UNION ALL ") or 
(upper(http.request.uri.query)contains " SELECT ") or 
(raw.http.request.uri contains "../") or 
(raw.http.request.uri contains "..%2F") or
(http.request.uri.path contains ".js.map") or
(http.request.uri.query contains "$_GLOBALS[") or 
(http.request.uri.query contains "$_REQUEST[") or 
(http.request.uri.query contains "$_POST[")

(lower(http.user_agent) contains "?%00") or 
(lower(http.user_agent) contains "$[") or 
(lower(http.user_agent) contains "${") or 
(lower(http.user_agent) contains "absinthe") or 
(lower(http.user_agent) contains "appinsights") or
(lower(http.user_agent) contains "mj12bot") or
(lower(http.user_agent) contains "semrushbot") or 
(lower(http.user_agent) contains "dotbot") or 
(lower(http.user_agent) contains "whatcms") or 
(lower(http.user_agent) contains "rogerbot") or 
(lower(http.user_agent) contains "trendictionbot") or 
(lower(http.user_agent) contains "blexbot") or 
(lower(http.user_agent) contains "linkfluence") or 
(lower(http.user_agent) contains "magpie-crawler") or 
(lower(http.user_agent) contains "mediatoolkitbot") or 
(lower(http.user_agent) contains "aspiegelbot") or 
(lower(http.user_agent) contains "domainstatsbot") or 
(lower(http.user_agent) contains "coccocbot") or 
(lower(http.user_agent) contains "commix") or 
(lower(http.user_agent) contains "crimscanner") or 
(lower(http.user_agent) contains "davclnt") or 
(lower(http.user_agent) contains "datacha0s") or 
(lower(http.user_agent) contains "dirbuster") or 
(lower(http.user_agent) contains "cincraw") or 
(lower(http.user_agent) contains "nimbostratus") or 
(lower(http.user_agent) contains "httrack") or 
(lower(http.user_agent) contains "serpstatbot") or 
(lower(http.user_agent) contains "omgili") or 
(lower(http.user_agent) contains "grapeshotcrawler") or 
(lower(http.user_agent) contains "megaindex") or 
(lower(http.user_agent) contains "petalbot") or 
(lower(http.user_agent) contains "semanticbot") or 
(lower(http.user_agent) contains "cocolyzebot") or 
(lower(http.user_agent) contains "domcopbot") or 
(lower(http.user_agent) contains "traackr") or 
(lower(http.user_agent) contains "bomborabot") or 
(lower(http.user_agent) contains "linguee") or 
(lower(http.user_agent) contains "webtechbot") or 
(lower(http.user_agent) contains "domainstatsbot") or 
(lower(http.user_agent) contains "clickagy") or 
(lower(http.user_agent) contains "sqlmap") or 
(lower(http.user_agent) contains "internet-structure-research-project-bot") or 
(lower(http.user_agent) contains "seekport") or 
(lower(http.user_agent) contains "awariosmartbot") or 
(lower(http.user_agent) contains "onalyticabot") or 
(lower(http.user_agent) contains "buck") or 
(lower(http.user_agent) contains "riddler") or 
(lower(http.user_agent) contains "sbl-bot") or 
(lower(http.user_agent) contains "df bot 1.0") or 
(lower(http.user_agent) contains "pubmatic crawler bot") or 
(lower(http.user_agent) contains "restsharp") or 
(lower(http.user_agent) contains "bvbot") or 
(lower(http.user_agent) contains "sogou") or 
(lower(http.user_agent) contains "barkrowler") or 
(lower(http.user_agent) contains "admantx") or 
(lower(http.user_agent) contains "adbeat") or 
(lower(http.user_agent) contains "embed.ly") or 
(lower(http.user_agent) contains "semantic-visions") or 
(lower(http.user_agent) contains "voluumdsp") or 
(lower(http.user_agent) contains "wc-test-dev-bot") or 
(lower(http.user_agent) contains "gulperbot") or
(lower(http.user_agent) contains "360Spider") or
(lower(http.user_agent) contains "/bin/bash") or 
(lower(http.user_agent) contains "crawler.feedback@gmail.com") or 
(lower(http.user_agent) contains "eval(") or 
(lower(http.user_agent) contains "env:") or 
(lower(http.user_agent) contains "fhscan") or 
(lower(http.user_agent) contains "floodgate") or 
(lower(http.user_agent) contains "go-http-client/") or 
(lower(http.user_agent) contains "nikto") or  
(lower(http.user_agent) contains "python") or
(lower(http.user_agent) contains "masscan") or 
(lower(http.user_agent) contains "mail.ru") or 
(lower(http.user_agent) contains "scrapy") or 
(lower(http.user_agent) contains "webdav-miniredir") or 
(lower(http.user_agent) contains "winhttp.winhttprequest") or 
(lower(http.user_agent) contains "zmeu") or
(lower(http.user_agent) contains "fuzz") or 
(lower(http.user_agent) contains "wp_is_mobile") or 
(lower(http.user_agent) contains "sqlninja") or 
(lower(http.user_agent) contains "yaanibot")

(http.user_agent contains "Acunetix") or
(lower(http.user_agent) contains "apache") or
(http.user_agent contains "BackDoorBot") or
(http.user_agent contains "cobion") or
(http.user_agent contains "masscan") or 
(http.user_agent contains "FHscan") or 
(http.user_agent contains "scanbot") or 
(http.user_agent contains "Gscan") or 
(http.user_agent contains "Researchscan") or 
(http.user_agent contains "WPScan") or 
(http.user_agent contains "ScanAlert") or 
(http.user_agent contains "Wprecon") or
(lower(http.user_agent) contains "virusdie") or
(http.user_agent contains "VoidEYE") or
(http.user_agent contains "WebShag") or
(http.user_agent contains "Zeus") or
(http.user_agent contains "zgrab") or
(lower(http.user_agent) contains "zmap") or 
(lower(http.user_agent) contains "nmap") or 
(lower(http.user_agent) contains "fimap") or
(http.user_agent contains "ZmEu") or
(http.user_agent contains "ZumBot") or
(http.user_agent contains "Zyborg")

(http.request.uri.query contains "author_name=") or 
(http.request.uri.query contains "author=" and not http.request.uri.path contains "/wp-admin/export.php") or 
(http.request.uri contains "wp-config.") or 
(http.request.uri contains "setup-config.") or
(http.request.uri.path eq "/wp-comments-post.php" and http.request.method eq "POST" and not http.referer contains "mertcangokgoz.com") or
(http.request.uri.path contains "/xmlrpc.php")

((http.request.uri.path contains "/wp-admin/" and not http.request.uri.path contains "/wp-admin/admin-ajax.php" and not http.request.uri.path contains "/wp-admin/theme-editor.php"))

(not ip.src in {1.1.1.1/32} and http.request.uri.path contains "/wp-login.php")

not (http.referer contains "mertcangokgoz.com" or http.referer eq "cdn.mertcangokgoz.com" or http.referer eq "www.cloudflare.com")

(http.host eq "mertcangokgoz.com") and not cf.edge.server_port in {80 443}

(not ip.src in {1.1.1.1/32} and lower(http.request.uri.path) contains "/wp-admin" and lower(http.request.uri.path) contains "/wp-login.php")