WP-login.php Protection

You can use this document to learn how to protect wp-login.php from unwanted IP addresses.

Based on the script's configurations, this process will deny access to wp-login.php to specified IP addresses. For example, if you have a blog with multiple authors, then you should not use this script. 

In the following example, the route is: wp-login.php

Review the following sample script: 

addEventListener('fetch', event => {
  event.respondWith(fetchAndApply(event.request))
})

async function fetchAndApply(request) { 
  //Create an Array of whitelisted IP's that can login to WP
  var whitelist = ["192.168.1.1", "192.168.1.2"];
  //If client's IP is not in the whitelist deny access
  if (!whitelist.includes(request.headers.get('x-sp-client-ip'))) {
    return new Response('Access Denied',
    { status: 403, statusText: 'Forbidden' })
  }

  return fetch(request)
}

You can access your script with any of the Delivery Domains on your account.

Based on the above example, you can access the script with: https://domain.com/wp-login