WordPress site owners and agencies now have a new tool to manage Cloudflare services without leaving the WordPress admin area. The WP WAF Manager plugin, developed by Nahnu Plugins, connects to Cloudflare via its API and allows users to handle WAF rules, DNS records, zone controls, IP access rules, security events, analytics, and email routing from a single WordPress interface.
For WordPress agencies, the plugin addresses a common workflow challenge: managing Cloudflare across multiple client sites often requires logging into separate dashboards, repeating rule updates, and switching between accounts. WP WAF Manager consolidates the most-used Cloudflare controls into the WordPress admin area, where agencies already manage client websites.
Security is a primary focus of the plugin. WP WAF Manager helps site owners improve edge-level security by deploying Cloudflare WAF rules before traffic reaches the WordPress server. The plugin includes five tested firewall rules based on the open-source wafrules.com ruleset. These rules target bad bots, SQL injection attempts, path traversal, VPN traffic, web hosting ASN traffic, and other common attack patterns.
The plugin separates custom IP and user agent allowlists from the base WAF ruleset, allowing users to update the main ruleset without losing their own custom allowlist settings. For agencies managing client sites, this reduces the risk of overwriting important access rules during security updates.
Beyond firewall management, WP WAF Manager includes Cloudflare DNS management from within WordPress. Users can manage DNS records, zone controls, cache purge, Under Attack Mode, Development Mode, SSL settings, IP access rules, security events, and email routing without leaving the WordPress dashboard.
The plugin uses scoped Cloudflare API tokens as the recommended connection method, allowing users to grant only the permissions WP WAF Manager needs. This approach gives site owners and agencies better control than using a full Cloudflare Global API Key.
WP WAF Manager works with Cloudflare Free for most supported features, though the Security Events viewer requires Cloudflare Pro or higher because it depends on Cloudflare Events API access.
The plugin is available as a free, open-source project through GitHub under the MIT license. A Pro license is available for users who want automatic plugin updates inside WordPress admin and priority email support. More information can be found at the WP WAF Manager website and its documentation page. Nahnu Plugins, the developer behind the plugin, can be found at nahnuplugins.com.
