New Security Feature: Cloudflare’s “Under Attack” Mode
We’re in the process of launching a new security layer for our WordPress login screen. It uses Cloudflare’s “Under Attack” mode to issue a browser challenge when the login screen first loads. It looks something like this:
If you’re not familiar, Cloudflare is a service that sits between a web server and a web browser, transforming the traffic between the two in helpful ways, mostly pertaining to security and performance. In this case, Cloudflare is taking a moment to inspect “browser heuristics” to see if the user seems like a legit WordPress account holder, or just an evil bot trying to hack its way in.
This is not to be confused with a “Captcha” based security layer. You don’t need to click on pictures of boats, or decipher squiggly phrases. You simply wait there for a moment as Cloudflare rolls out the red carpet for you.
I’ve started to see this layer on banking websites and also our web host of record, WP Engine.
Look for this feature to appear on all blogs on our platform within the next few weeks.