Skip to content
Insight on digital media from the team at LexBlog, Inc.

New Security Feature: Cloudflare’s “Under Attack” Mode

This hassle-free security layer is becoming an industry standard
Silhouette of a person walking through a door labeled with a 7. This was taken on top of a parking garage.
Milo Bauman, Unsplash
July 12, 2023

We’re in the process of launching a new security layer for our WordPress login screen. It uses Cloudflare’s “Under Attack” mode to issue a browser challenge when the login screen first loads. It looks something like this:


Cloudflare’s browser challenge UI sitting in front of our WordPress login UI.

If you’re not familiar, Cloudflare is a service that sits between a web server and a web browser, transforming the traffic between the two in helpful ways, mostly pertaining to security and performance. In this case, Cloudflare is taking a moment to inspect “browser heuristics” to see if the user seems like a legit WordPress account holder, or just an evil bot trying to hack its way in.

This is not to be confused with a “Captcha” based security layer. You don’t need to click on pictures of boats, or decipher squiggly phrases. You simply wait there for a moment as Cloudflare rolls out the red carpet for you.

I’ve started to see this layer on banking websites and also our web host of record, WP Engine.

Look for this feature to appear on all blogs on our platform within the next few weeks.

Posted in: