WordPress site owners and agencies managing multiple client sites can now control Cloudflare security and performance tools directly from their WordPress admin dashboard, thanks to a new plugin called WP WAF Manager. Developed by Nahnu Plugins, the plugin integrates with Cloudflare’s API to provide a centralized interface for managing WAF rules, DNS records, zone controls, IP access rules, security events, analytics, and email routing.
For agencies, the plugin addresses a common workflow bottleneck: toggling between separate Cloudflare dashboards for each client site. WP WAF Manager brings these controls into the WordPress admin area where agencies already manage client websites, allowing them to update rules and settings across multiple accounts without leaving the WordPress environment.
The plugin includes five pre-tested firewall rules based on the open-source wafrules.com ruleset, targeting bad bots, SQL injection attempts, path traversal, VPN traffic, and web hosting ASN traffic. These rules are deployed at the edge level, blocking threats before they reach the WordPress server. Custom IP and user agent allowlists are kept separate from the main ruleset, enabling users to update the base rules without losing their own allowlist settings—a feature particularly useful for agencies managing multiple client sites.
Beyond WAF management, WP WAF Manager supports DNS record management, cache purging, Under Attack Mode, Development Mode, SSL settings, IP access rules, security events, and email routing—all from the WordPress dashboard. The plugin uses scoped Cloudflare API tokens as the recommended connection method, allowing users to grant only the permissions the plugin needs, which offers better security control than using a full Global API Key.
Most features work with Cloudflare’s free plan, though the Security Events viewer requires Cloudflare Pro or higher due to its reliance on the Cloudflare Events API. WP WAF Manager is available as a free, open-source plugin on GitHub under the MIT license. A Pro license, which provides automatic plugin updates within WordPress admin and priority email support, is also available for users who need additional convenience.
For more information, visit the WP WAF Manager website or check the documentation. Nahnu Plugins, the developer, can be found at nahnuplugins.com.
