Skip to content
Cloudflare Docs

Set WordPress rules to Block

Follow the steps below to create a rule that executes a managed ruleset and defines an override for rules with a specific tag.

  1. Add a rule to a phase entry point ruleset that executes a managed ruleset.
  2. Configure a tag override that sets a specified action for all rules with a given tag.

The example below uses the Update a zone entry point ruleset operation to perform the two steps in a single PUT request.

  • Set the list of rules in the http_request_firewall_managed phase entry point ruleset to a single rule that executes the Cloudflare Managed Ruleset.
  • Override rules with the wordpress tag to set the action to block. All other rules use the default action provided by the ruleset issuer.

Example: Use tag overrides to set WordPress rules to Block at the zone level

Required API token permissions

 At least one of the following token permissions is required:
  • Response Compression Write
  • Config Settings Write
  • Dynamic URL Redirects Write
  • Cache Settings Write
  • Custom Errors Write
  • Origin Write
  • Managed headers Write
  • Zone Transform Rules Write
  • Mass URL Redirects Write
  • Magic Firewall Write
  • L4 DDoS Managed Ruleset Write
  • HTTP DDoS Managed Ruleset Write
  • Sanitize Write
  • Transform Rules Write
  • Select Configuration Write
  • Bot Management Write
  • Zone WAF Write
  • Account WAF Write
  • Account Rulesets Write
  • Logs Write
  • Logs Write
Update a zone entry point ruleset
curl https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/phases/http_request_firewall_managed/entrypoint \
  --request PUT \
  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  --json '{
    "rules": [
        {
            "action": "execute",
            "expression": "true",
            "action_parameters": {
                "id": "<MANAGED_RULESET_ID>",
                "overrides": {
                    "categories": [
                        {
                            "category": "wordpress",
                            "action": "block"
                        }
                    ]
                }
            }
        }
    ]
  }'

Example: Use tag overrides to set WordPress rules to Block at the account level

Required API token permissions

 At least one of the following token permissions is required:
  • Mass URL Redirects Write
  • Magic Firewall Write
  • L4 DDoS Managed Ruleset Write
  • Transform Rules Write
  • Select Configuration Write
  • Account WAF Write
  • Account Rulesets Write
  • Logs Write
Update an account entry point ruleset
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/rulesets/phases/http_request_firewall_managed/entrypoint \
  --request PUT \
  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  --json '{
    "rules": [
        {
            "action": "execute",
            "expression": "cf.zone.name eq \"example.com\" and cf.zone.plan eq \"ENT\"",
            "action_parameters": {
                "id": "<MANAGED_RULESET_ID>",
                "overrides": {
                    "categories": [
                        {
                            "category": "wordpress",
                            "action": "block"
                        }
                    ]
                }
            }
        }
    ]
  }'