Protect Your Admin Panel with Cloudflare Zero Trust — For Free!
A quick security win — no coding, no plugins, no cost.
🎯 Why protect your Admin Panel?
Admin URLs are like gold mines for attackers. Even if your login is secure, exposing these URLs publicly allows:
- Bot scanning
- Brute-force attempts
- Vulnerability probing
The best protection? Make them invisible to the internet.
🚀 Solution: Hide Admin Panel behind Cloudflare Zero Trust
🛠️ What we'll do
We'll block public access to /admin (and related URLs), and allow access only to authorized users — protected by email, Google Login, OTP or identity provider.
Step-by-Step Setup
1️⃣ Go to Cloudflare -> Zero Trust
- Log in to Cloudflare. Then on the sidebar click Zero Trust
- Choose the free plan, but Cloudflare will still ask you to provide payment details
- If you're working with a team, I recommend setting up using an email address that everyone has access to so they can easily get the one-time PIN
2️⃣ Manage Identity Providers
- On Zero Trust Dashboard, on the sidebar click Integrations -> Identity providers
- These will provide a way for you to authenticate for your login panel. One-time PIN is enabled by default — this will send an OTP to the registered email address.
- Of course, you can also add other ways to authenticate.
3️⃣ Create a Policy
- On the sidebar click Access controls -> Policies
- On Policy Name: Allow Team Members (or whatever policy name you want that makes sense)
- Duration: Set to default: 24 hours
- Then under Add Rules -> Selector, choose Emails. Here you can add the emails of the team members who will need access to your admin panel.
- Once done, scroll down and click Save
4️⃣ Add your Application
- On the sidebar click Access controls -> Applications
- Click Add Application then select Self-hosted
- Application Name: My Website Admin (or whatever makes sense to you)
- Click on Add public hostname -> Input your domain and the path to your admin like so:
Domain: https://mydomain.com
Path: /admin* // This will secure the admin and all related URLs
- Then on Access Policies -> click Select existing policies then apply the policy that you've created
- Then scroll down to Login Methods and make sure Accept all available identity providers is turned on so that any providers you set up in step 2 will be used.
- Then Save
5️⃣ Test
- Visit your admin panel
- Instead of the admin login, you'll see the Cloudflare Access prompt
- Confirm your email -> enter the code that was sent to the registered email -> Cloudflare grants access
- After that, you'll see your normal admin login page — but only after identity check
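To repeat the step 5 check from a terminal, the script below (an added example, not part of the original guide) requests each URL without cookies and reports whether Cloudflare Access intercepted it. It assumes Access answers unauthenticated requests with a redirect to your team domain under cloudflareaccess.com; the function names, the team name `example-team` and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: confirm that unauthenticated requests to the protected paths
# are stopped by Cloudflare Access before they reach the admin login.

# Classify raw response headers: prints "gated" for a redirect whose Location
# host is under cloudflareaccess.com (assumed Access behaviour), "exposed"
# for anything else, including the app's own redirect to its login page.
classify_headers() (
  headers=$(printf '%s' "$1" | tr -d '\r')
  status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
  host=$(printf '%s\n' "$headers" |
    awk 'tolower($1)=="location:" {split($2, p, "/"); print tolower(p[3]); exit}')
  case "$status" in
    301|302|303|307|308)
      case "$host" in
        *.cloudflareaccess.com) echo gated; exit 0 ;;
      esac ;;
  esac
  echo exposed
)

# Fetch one URL with no cookies and without following redirects.
check_url() {
  result=$(classify_headers "$(curl -sS -o /dev/null -D - --max-time 10 "$1")")
  printf '%-8s %s\n' "$result" "$1"
  [ "$result" = gated ]
}

# Constructed sample responses (not captured from a real site).
SAMPLE_GATED=$(printf 'HTTP/2 302\r\nlocation: %s\r\n' \
  'https://example-team.cloudflareaccess.com/cdn-cgi/access/login/mydomain.com')
SAMPLE_APP_LOGIN=$(printf 'HTTP/1.1 302 Found\r\nLocation: /admin/login\r\n')
SAMPLE_OPEN=$(printf 'HTTP/2 200\r\ncontent-type: text/html\r\n')

# Usage: sh check_access.sh https://mydomain.com/admin https://mydomain.com/admin/users
if [ "$#" -gt 0 ]; then
  rc=0
  for url in "$@"; do check_url "$url" || rc=1; done
  exit "$rc"
fi
```

Pass the admin URL and a few related paths as arguments; a non-zero exit status means at least one of them was not answered with an Access redirect.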
⭐️ Why This Works (Even on Free Plan)
✔️ Access rules (email-based)
✔️ One-time PIN
✔️ Google login
✔️ Protect multiple paths
✔️ Works with Laravel, WordPress, Node, etc.
🔚 Final Thoughts
This is the fastest way to secure your admin panel — without changing any code, installing any package, or paying for a plan.
It makes your panel invisible, protected, and accessible only to you — for free.