Cloudflare WAF Firewall Security Rules are a great way to restrict access to specific URLs / URIs on your website (for instance the admin page (wp-admin) and the rest API path (wp-json/wp/v2)).
I would suggest to limit access to those pages to both your personal IP and your hosting server’s IP.
In order to prevent being blocked from accessing your own website, you’ll need to add your IPv6 IP address to the list of authorized IPs.
🌐 Example of IPv6 address: 2001:0db8:85a3:0000:0000:8a2e:0370:7334.
The problem is that Cloudflare doesn’t allow the usual long form IPv6 addresses.
This is the error message you’ll get if you try to add a long IPv6 to a list:
Invalid value for ip at position 0: filters.api.IPv6 IP addresses are not supported. We suggest using a /64 CIDR instead (Code: 10038)
In order to register your IPv6, you should convert it to IPv6 CIDR notation.
Vulture provides a tool to easily convert your long IPv6 IP address into a shorter version, compatible with Cloudflare IP list: https://www.vultr.com/resources/subnet-calculator-ipv6/
Simply type in the IPv6 you’ll find via a tool like https://whatismyipaddress.com/ and you’ll get a shortened version you’ll be able to use on Cloudflare. You can also enter the IPv4 format (also for your server).