{"id":1364,"date":"2025-11-05T16:02:19","date_gmt":"2025-11-05T13:02:19","guid":{"rendered":"https:\/\/www.dchost.com\/blog\/cloudflare-waf-kurallari-ve-oran-sinirlama-ile-wordpressi-botlardan-nasil-korursun\/"},"modified":"2025-11-05T16:02:19","modified_gmt":"2025-11-05T13:02:19","slug":"cloudflare-waf-kurallari-ve-oran-sinirlama-ile-wordpressi-botlardan-nasil-korursun","status":"publish","type":"post","link":"https:\/\/www.dchost.com\/blog\/cloudflare-waf-kurallari-ve-oran-sinirlama-ile-wordpressi-botlardan-nasil-korursun\/","title":{"rendered":"How Do You Protect WordPress from Bots with Cloudflare WAF Rules and Rate Limiting?"},"content":{"rendered":"<div class=\"dchost-blog-content-wrapper\"><div id=\"toc_container\" class=\"toc_transparent no_bullets\"><p class=\"toc_title\">Contents<\/p><ul class=\"toc_list\"><li><a href=\"#Kucuk_Bir_Hikaye_Bir_Sabah_Uyaniyorsun_ve_Site_Nefes_Nefese\"><span class=\"toc_number toc_depth_1\">1<\/span> A Short Story: You Wake Up One Morning and the Site Is Out of Breath<\/a><\/li><li><a href=\"#Botlar_WordPressi_Neden_Bu_Kadar_Sever_Ve_Biz_Buna_Ne_Yapabiliriz\"><span class=\"toc_number toc_depth_1\">2<\/span> Why Do Bots Love WordPress So Much? 
And What Can We Do About It?<\/a><ul><li><a href=\"#Kapi_Neredeyse_Hep_Ayni_Yerden_Zorlanir\"><span class=\"toc_number toc_depth_2\">2.1<\/span> The Door Is Almost Always Forced at the Same Spot<\/a><\/li><\/ul><\/li><li><a href=\"#Cloudflare_WAFi_Sade_Dusun_Yonetilen_Kurallar_Hafif_Dokunuslu_Ozellestirme\"><span class=\"toc_number toc_depth_1\">3<\/span> Think of Cloudflare WAF Simply: Managed Rules + Light-Touch Customization<\/a><ul><li><a href=\"#Yonetilen_Kurallar_Kutudan_Cikan_Akil\"><span class=\"toc_number toc_depth_2\">3.1<\/span> Managed Rules: Out-of-the-Box Intelligence<\/a><\/li><li><a href=\"#Ozellestirme_WordPressin_Zayif_Halkalarina_Iyi_Gelen_Kucuk_Kurallar\"><span class=\"toc_number toc_depth_2\">3.2<\/span> Customization: Small Rules That Help WordPress\u2019s Weak Links<\/a><\/li><\/ul><\/li><li><a href=\"#Oran_Sinirlama_Ritmi_Sen_Belirle_Sunucu_Sakin_Kalsin\"><span class=\"toc_number toc_depth_1\">4<\/span> Rate Limiting: You Set the Rhythm, the Server Stays Calm<\/a><ul><li><a href=\"#Bazi_Kapilar_Kapasite_Ister_Bazilari_Sabir\"><span class=\"toc_number toc_depth_2\">4.1<\/span> Some Doors Need Capacity, Others Patience<\/a><\/li><li><a href=\"#Yan_Etkileri_Dusun_Istisnalar_ve_Bypass\"><span class=\"toc_number toc_depth_2\">4.2<\/span> Think About Side Effects: Exceptions and Bypass<\/a><\/li><\/ul><\/li><li><a href=\"#Adim_Adim_Pratik_WordPress_Icin_Sicacik_Bir_Kural_Seti\"><span class=\"toc_number toc_depth_1\">5<\/span> Step-by-Step Practice: A Cozy Rule Set for WordPress<\/a><ul><li><a href=\"#1_wp-loginphpyi_Sakinlestir\"><span class=\"toc_number toc_depth_2\">5.1<\/span> 1) Calm Down wp-login.php<\/a><\/li><li><a href=\"#2_xmlrpcphpyi_Iyice_Kontrol_Et\"><span class=\"toc_number toc_depth_2\">5.2<\/span> 2) 
Keep xmlrpc.php Under Tight Control<\/a><\/li><li><a href=\"#3_Arama_Yorum_ve_Formlar_Kibar_Ama_Kararli\"><span class=\"toc_number toc_depth_2\">5.3<\/span> 3) Search, Comments and Forms: Polite but Firm<\/a><\/li><li><a href=\"#4_Statik_Dosyalar_ve_Onbellek_Yanlis_Hedefe_Kursun_Sikma\"><span class=\"toc_number toc_depth_2\">5.4<\/span> 4) Static Files and Cache: Don\u2019t Shoot at the Wrong Target<\/a><\/li><li><a href=\"#5_Bot_Davranisini_Izle_Deseni_Gor_Kurali_Incel\"><span class=\"toc_number toc_depth_2\">5.5<\/span> 5) Watch Bot Behavior: See the Pattern, Refine the Rule<\/a><\/li><\/ul><\/li><li><a href=\"#Supheli_Trafigi_Ayirt_Etmenin_Ince_Yollari\"><span class=\"toc_number toc_depth_1\">6<\/span> Subtle Ways to Tell Suspicious Traffic Apart<\/a><ul><li><a href=\"#Insan_Gibi_Gorunen_Botlar\"><span class=\"toc_number toc_depth_2\">6.1<\/span> Bots That Look Human<\/a><\/li><li><a href=\"#Ulkeler_ASNler_ve_Bilinen_Kotu_Komsular\"><span class=\"toc_number toc_depth_2\">6.2<\/span> Countries, ASNs and Known Bad Neighbors<\/a><\/li><li><a href=\"#OWASP_Top_10u_Aklinda_Tut\"><span class=\"toc_number toc_depth_2\">6.3<\/span> Keep the OWASP Top 10 in Mind<\/a><\/li><\/ul><\/li><li><a href=\"#Gercek_Bir_Senaryo_WooCommerce_Magazasinda_Sakinlik_Nasil_Geri_Geldi\"><span class=\"toc_number toc_depth_1\">7<\/span> A Real Scenario: How Did Calm Return to a WooCommerce Store?<\/a><ul><li><a href=\"#Once_Gozlem_Sonra_Akilli_Kurallar\"><span class=\"toc_number toc_depth_2\">7.1<\/span> Observation First, Smart Rules Second<\/a><\/li><\/ul><\/li><li><a href=\"#Uygularken_Dikkat_Hiz_Onbellek_ve_Guvenlik_Ayni_Hikayenin_Parcasi\"><span class=\"toc_number toc_depth_1\">8<\/span> Care During Rollout: Speed, Cache and Security Are Part of the Same 
Story<\/a><ul><li><a href=\"#Cache_Yan_Etkileri\"><span class=\"toc_number toc_depth_2\">8.1<\/span> Cache Side Effects<\/a><\/li><li><a href=\"#Dogrulama_Akisi\"><span class=\"toc_number toc_depth_2\">8.2<\/span> Verification Flow<\/a><\/li><\/ul><\/li><li><a href=\"#Kucuk_Bir_Yol_Haritasi_Ilk_Gunden_Itibaren_Uygulanabilir_Adimlar\"><span class=\"toc_number toc_depth_1\">9<\/span> A Short Roadmap: Steps You Can Apply from Day One<\/a><ul><li><a href=\"#1_Yonetilen_Kurallari_Ac\"><span class=\"toc_number toc_depth_2\">9.1<\/span> 1) Turn On Managed Rules<\/a><\/li><li><a href=\"#2_wp-loginphp_ve_xmlrpcphpyi_Hedefe_Koy\"><span class=\"toc_number toc_depth_2\">9.2<\/span> 2) Put wp-login.php and xmlrpc.php in Your Sights<\/a><\/li><li><a href=\"#3_Formlar_ve_Arama_Icin_Kibar_Sinirlar\"><span class=\"toc_number toc_depth_2\">9.3<\/span> 3) Polite Limits for Forms and Search<\/a><\/li><li><a href=\"#4_Logla_Incele_Iyilestir\"><span class=\"toc_number toc_depth_2\">9.4<\/span> 4) Log, Review, Improve<\/a><\/li><li><a href=\"#5_Guvenlik_Basliklari_ve_Onbellek_Ayarlarini_Tamamla\"><span class=\"toc_number toc_depth_2\">9.5<\/span> 5) Complete Security Headers and Cache Settings<\/a><\/li><\/ul><\/li><li><a href=\"#Sik_Karsilasilan_Tuzaklar_ve_Nazik_Cozumler\"><span class=\"toc_number toc_depth_1\">10<\/span> Common Pitfalls and Gentle Fixes<\/a><ul><li><a href=\"#Cok_Sert_Basladim_Kullanicilar_Giremiyor\"><span class=\"toc_number toc_depth_2\">10.1<\/span> \u201cI Started Too Strict and Users Can\u2019t Get In\u201d<\/a><\/li><li><a href=\"#Botlar_Iceri_Girmiyor_Ama_Trafik_Hala_Yuksek\"><span class=\"toc_number toc_depth_2\">10.2<\/span> \u201cBots Aren\u2019t Getting In but Traffic Is Still 
High\u201d<\/a><\/li><li><a href=\"#Bir_Entegrasyon_Bozuldu\"><span class=\"toc_number toc_depth_2\">10.3<\/span> \u201cAn Integration Broke\u201d<\/a><\/li><\/ul><\/li><li><a href=\"#Gozun_Ustunde_Olsun_Izleme_Alarmlar_ve_Sureklilik\"><span class=\"toc_number toc_depth_1\">11<\/span> Keep an Eye on It: Monitoring, Alerts and Continuity<\/a><ul><li><a href=\"#Alarmlar_Kagida_Yazilmis_Kucuk_Hatirlatmalar_Gibi\"><span class=\"toc_number toc_depth_2\">11.1<\/span> Alerts: Like Small Reminders Written on Paper<\/a><\/li><li><a href=\"#Haftalik_Rutin_Kucuk_Dokunuslar\"><span class=\"toc_number toc_depth_2\">11.2<\/span> Weekly Routine: Small Touches<\/a><\/li><li><a href=\"#Dokumantasyon_Yarinki_Sen_Icin_Not_Birak\"><span class=\"toc_number toc_depth_2\">11.3<\/span> Documentation: Leave a Note for Tomorrow\u2019s You<\/a><\/li><\/ul><\/li><li><a href=\"#Kapanis_Guvenli_Hizli_ve_Sakin_Bir_WordPress_Mumkun\"><span class=\"toc_number toc_depth_1\">12<\/span> Closing: A Secure, Fast and Calm WordPress Is Possible<\/a><ul><li><a href=\"#Son_Bir_Nefes_Son_Bir_Ozet\"><span class=\"toc_number toc_depth_2\">12.1<\/span> One Last Breath, One Last Summary<\/a><\/li><\/ul><\/li><\/ul><\/div>\n<h2 id=\"section-1\"><span id=\"Kucuk_Bir_Hikaye_Bir_Sabah_Uyaniyorsun_ve_Site_Nefes_Nefese\">A Short Story: You Wake Up One Morning and the Site Is Out of Breath<\/span><\/h2>\n<p>Have you ever grabbed your morning coffee, opened your site, watched the pages load sluggishly and thought, \u201cIs the hosting falling short?\u201d We had exactly that kind of day with one of my customers. A WordPress store running WooCommerce had been the target of thousands of requests overnight that \u201cdidn\u2019t look well-intentioned.\u201d 
When we opened the server logs, the same pattern showed up again and again: <strong>wp-login.php<\/strong> and <strong>xmlrpc.php<\/strong>\u2026 In other words, bots pressing right on the heart. The site was out of breath, visitors were leaving and carts were staying empty. That was when I understood: <strong>layered security<\/strong> is as close a friend to a WordPress site as speed.<\/p>\n<p>Today let\u2019s talk about how you can calm this kind of bot attack with <strong>Cloudflare WAF rules<\/strong> and <strong>rate limiting<\/strong>, and even stop most of it before it gets through your door. Along the way I\u2019ll give plenty of real examples and simplify the difficult terms, but we will never take the job lightly. By the end you\u2019ll have a practical rule set plus a review and maintenance routine you can use. If you\u2019re ready, let\u2019s begin.<\/p>\n<h2 id=\"section-2\"><span id=\"Botlar_WordPressi_Neden_Bu_Kadar_Sever_Ve_Biz_Buna_Ne_Yapabiliriz\">Why Do Bots Love WordPress So Much? And What Can We Do About It?<\/span><\/h2>\n<h3><span id=\"Kapi_Neredeyse_Hep_Ayni_Yerden_Zorlanir\">The Door Is Almost Always Forced at the Same Spot<\/span><\/h3>\n<p>Because WordPress is popular, it is also the first stop for malicious bots. Think about it: <strong>wp-login.php<\/strong> is a standard door that everyone knows. <strong>xmlrpc.php<\/strong> is well liked by both automations and attackers. Then there are forms such as <strong>search, comments and registration<\/strong>, where traffic can look normal and then suddenly spike. 
The odd part is that this spike doesn\u2019t always mean <em>someone is trying to hack you<\/em>; sometimes it is just a badly configured bot scraping content, but the result is the same: performance drops and users get frustrated.<\/p>\n<p>This is where Cloudflare comes in. It receives the traffic first at its own layer and then forwards it to your site, like a security guard waiting \u201cat the door.\u201d With the <strong>WAF (Web Application Firewall)<\/strong> it catches certain patterns, suspicious behavior and known malicious signatures. <strong>Rate limiting<\/strong> regulates the rhythm: if too many requests arrive from the same source in a short time, it says \u201ctake a breath\u201d and slows them down, blocks them or asks for verification.<\/p>\n<p>What I\u2019ve seen in practice is this: a few well-tuned rules noticeably reduce the load on the server. The real achievement is doing so without upsetting legitimate users. That\u2019s why you should think of rules not as a \u201cred line\u201d but as <strong>fine-tuning<\/strong>. 
We\u2019ll go through it step by step in a moment.<\/p>\n<h2 id=\"section-3\"><span id=\"Cloudflare_WAFi_Sade_Dusun_Yonetilen_Kurallar_Hafif_Dokunuslu_Ozellestirme\">Think of Cloudflare WAF Simply: Managed Rules + Light-Touch Customization<\/span><\/h2>\n<h3><span id=\"Yonetilen_Kurallar_Kutudan_Cikan_Akil\">Managed Rules: Out-of-the-Box Intelligence<\/span><\/h3>\n<p>Cloudflare\u2019s <strong>managed WAF rules<\/strong> are already a good start. They cover the best-known attack patterns, current threats and common abuse paths. Once you enable these rules on the Security &gt; WAF screen in the dashboard, a large share of the bad traffic is filtered out before it reaches you. If you\u2019re curious about the details, it\u2019s worth looking at <a href=\"https:\/\/developers.cloudflare.com\/waf\/\" target=\"_blank\" rel=\"noopener nofollow\">the current rule sets in Cloudflare\u2019s WAF documentation<\/a>, but let\u2019s focus on the essence here: managed rules provide the <strong>baseline defense<\/strong>, while the <strong>key points specific to WordPress<\/strong> are strengthened through customization.<\/p>\n<h3><span id=\"Ozellestirme_WordPressin_Zayif_Halkalarina_Iyi_Gelen_Kucuk_Kurallar\">Customization: Small Rules That Help WordPress\u2019s Weak Links<\/span><\/h3>\n<p>Think of it this way: how many times a day does your site\u2019s real visitor stop by <strong>wp-login.php<\/strong>? Two, three, five at most. And bots? Hundreds in a few minutes. That difference gives us a great signal. 
With WAF rules you can first slow down heavy attempts against this file with a <strong>challenge<\/strong> and then <strong>block<\/strong> those that still persist. A similar approach works for <strong>xmlrpc.php<\/strong>; if you don\u2019t need it, closing this file off entirely makes things much easier. But if you use automation, it is wise to add the trusted IP range to the allowlist.<\/p>\n<p>I generally stick to two principles. One: protect sensitive endpoints such as <strong>registration and login<\/strong> more tightly. Two: <strong>watch the hours when bots concentrate<\/strong> and adjust the rules gently. When needed, act like \u201ca soft sledgehammer\u201d: warn first (challenge), then block if they persist. That way you bring the bot\u2019s pulse down without hurting real users.<\/p>\n<h2 id=\"section-4\"><span id=\"Oran_Sinirlama_Ritmi_Sen_Belirle_Sunucu_Sakin_Kalsin\">Rate Limiting: You Set the Rhythm, the Server Stays Calm<\/span><\/h2>\n<h3><span id=\"Bazi_Kapilar_Kapasite_Ister_Bazilari_Sabir\">Some Doors Need Capacity, Others Patience<\/span><\/h3>\n<p>Rate limiting is, in a sense, queue management at your site\u2019s door. If the same IP makes too many requests in a short time, you say \u201chold on, let the ones ahead of you through first.\u201d This works wonderfully for endpoints such as <strong>wp-login.php<\/strong> and <strong>xmlrpc.php<\/strong>. It also kicks in when excessive use is detected in actions such as search results, comment submission and cart operations. 
The goal here is not to bother the real user; on the contrary, it is to protect resources for them.<\/p>\n<p>When you add a few smart rules under Security &gt; WAF &gt; Rate Limiting Rules in the dashboard, the rhythm of the traffic improves. Even a simple pattern such as \u201cif an IP makes more than 5 attempts on wp-login.php within 1 minute, challenge first, then block if it persists\u201d works wonders. If you\u2019re curious about the technical detail, you can take a quick look at <a href=\"https:\/\/developers.cloudflare.com\/waf\/rate-limiting-rules\/\" target=\"_blank\" rel=\"noopener nofollow\">how rate limiting rules work<\/a> and come back.<\/p>\n<h3><span id=\"Yan_Etkileri_Dusun_Istisnalar_ve_Bypass\">Think About Side Effects: Exceptions and Bypass<\/span><\/h3>\n<p>Every rule can bring small surprises. For example, adding your own office IP or the fixed IPs of your admin team to the <strong>allowlist<\/strong> gives peace of mind. If there are special endpoints that talk to automation tools, mobile apps or payment systems, defining an <strong>exception<\/strong> is useful. At one of my customers, the POS integration produced short bursts during peak hours; a crude rule lowers sales, whereas fine-tuning protects the system while keeping the till safe.<\/p>\n<h2 id=\"section-5\"><span id=\"Adim_Adim_Pratik_WordPress_Icin_Sicacik_Bir_Kural_Seti\">Step-by-Step Practice: A Cozy Rule Set for WordPress<\/span><\/h2>\n<h3><span id=\"1_wp-loginphpyi_Sakinlestir\">1) Calm Down wp-login.php<\/span><\/h3>\n<p>Let\u2019s tidy up this door first. 
When creating a <strong>WAF custom rule<\/strong>, keep the condition simple: \u201cIf the request goes to <strong>wp-login.php<\/strong> and repeats many times in a short period, apply a challenge or a block.\u201d At the start I prefer <strong>Managed Challenge<\/strong>. That way, if there is a false match, the user passes a verification and carries on. If the persistence is excessive, blocking is healthier. And if you only access the admin panel from certain countries, putting a <strong>challenge<\/strong> in front of other countries also helps.<\/p>\n<h3><span id=\"2_xmlrpcphpyi_Iyice_Kontrol_Et\">2) Keep xmlrpc.php Under Tight Control<\/span><\/h3>\n<p>If you don\u2019t need xmlrpc, the easiest option is to <strong>block it entirely<\/strong>. Even if you do need it, rate limiting is a must. Treat the \u201cmany consecutive POST requests within one minute\u201d pattern as your closest friend. This file is a frequent cause of attacks and load spikes. A small note: adding the IPs of systems you trust to the allowlist keeps your own automation from being affected.<\/p>\n<h3><span id=\"3_Arama_Yorum_ve_Formlar_Kibar_Ama_Kararli\">3) Search, Comments and Forms: Polite but Firm<\/span><\/h3>\n<p>If search results receive excessive requests in a short time, regulate that gently too. Try a <strong>challenge<\/strong> first. Real users usually pass this step in a snap, while bots generally go looking for another door. On comment and registration forms you don\u2019t want back-to-back attempts; your moderation load grows and the server gets tired. 
Calming the rhythm with rate limiting gives these areas a breath of fresh air.<\/p>\n<h3><span id=\"4_Statik_Dosyalar_ve_Onbellek_Yanlis_Hedefe_Kursun_Sikma\">4) Static Files and Cache: Don\u2019t Shoot at the Wrong Target<\/span><\/h3>\n<p>Bots don\u2019t always pile onto dynamic pages; sometimes they hit static files such as images or CSS and drain bandwidth. Here the WAF alone may not be enough; if the <strong>CDN cache<\/strong> is configured correctly, requests are served at the edge and almost no load reaches your server. Think of security and performance as two characters in the same story. When you write one well, the other improves too. While strengthening your static content policy, <a href=\"https:\/\/www.dchost.com\/blog\/http-guvenlik-basliklari-rehberi-hsts-csp-ve-digerlerini-ne-zaman-nasil-uygulamalisin\/\" target=\"_blank\" rel=\"noopener\">setting HTTP security headers correctly<\/a> also helps both on the browser side and in your overall security posture.<\/p>\n<h3><span id=\"5_Bot_Davranisini_Izle_Deseni_Gor_Kurali_Incel\">5) Watch Bot Behavior: See the Pattern, Refine the Rule<\/span><\/h3>\n<p>The secret is monitoring. In the Cloudflare activity logs, see \u201cwhich endpoint, in which time window, from which country and user agent\u201d the volume comes. Observe your rule first in <strong>log<\/strong> or <strong>simulate<\/strong> mode, then move it to <strong>challenge<\/strong> and finally to <strong>block<\/strong>. \u201cDrawing the sword right away\u201d sometimes wounds real users too. 
Proceed with a plan, not in a panic.<\/p>\n<h2 id=\"section-6\"><span id=\"Supheli_Trafigi_Ayirt_Etmenin_Ince_Yollari\">Subtle Ways to Tell Suspicious Traffic Apart<\/span><\/h2>\n<h3><span id=\"Insan_Gibi_Gorunen_Botlar\">Bots That Look Human<\/span><\/h3>\n<p>Some bots behave politely, check robots.txt and know their limits. Others put on a disguise. You\u2019ll see ones that present their User-Agent as \u201cChrome\u201d and run wild. Here <strong>behavior<\/strong> gives the clue: collect signs such as very fast navigation from the same IP, an immediate retry after a form submission, or an excessive fondness for a single page. Turn these clues into small conditions in your WAF rules. Think of each rule as a \u201cstory filter\u201d: it sets aside whatever doesn\u2019t fit the rhythm of a real user flow.<\/p>\n<h3><span id=\"Ulkeler_ASNler_ve_Bilinen_Kotu_Komsular\">Countries, ASNs and Known Bad Neighbors<\/span><\/h3>\n<p>Country-based restriction is sometimes very effective. But if you overdo it, you hurt real visitors too. What matters is the nature of your site. If you provide a local service, putting a <strong>challenge<\/strong> on certain countries makes sense. If you publish globally, filtering by ASN (groups of internet service providers) may be gentler. 
Whatever you do, watch first, then apply it in small steps, see the effect and proceed from there.<\/p>\n<h3><span id=\"OWASP_Top_10u_Aklinda_Tut\">Keep the OWASP Top 10 in Mind<\/span><\/h3>\n<p>WAF rules exist not only to stop bots but also to mitigate ordinary application vulnerabilities. Categories such as those in the <a href=\"https:\/\/owasp.org\/www-project-top-ten\/\" target=\"_blank\" rel=\"noopener nofollow\">OWASP Top 10<\/a> help when you think about site-specific vulnerabilities beyond login attempts. Enabling the relevant rule sets in the dashboard reduces unpleasant surprises at the application layer.<\/p>\n<h2 id=\"section-7\"><span id=\"Gercek_Bir_Senaryo_WooCommerce_Magazasinda_Sakinlik_Nasil_Geri_Geldi\">A Real Scenario: How Did Calm Return to a WooCommerce Store?<\/span><\/h2>\n<h3><span id=\"Once_Gozlem_Sonra_Akilli_Kurallar\">Observation First, Smart Rules Second<\/span><\/h3>\n<p>At the WooCommerce store I mentioned at the start, we only watched at first. At which hours was there volume, on which pages did it pile up? Two peaks were clear on the graph: <strong>wp-login.php<\/strong> after midnight and <strong>xmlrpc.php<\/strong> toward morning. First, we put in place the rule \u201cchallenge above 5 attempts in 1 minute, block above 10\u201d for <strong>wp-login.php<\/strong>. We also didn\u2019t neglect to add \u201cthe office IPs to the allowlist.\u201d Second, we closed xmlrpc entirely; for the automation that needed it, we defined a bypass from a trusted IP.<\/p>\n<p>Then we added small rate limiting rules that smooth out short-lived spikes on the search and cart endpoints. 
The load distribution became more balanced. Most importantly, we tried these changes in <strong>log<\/strong> mode first. Our goal was to restore the system\u2019s rhythm without upsetting anyone. The result? Server load dropped markedly, pages felt smooth and the customer support desk calmed down.<\/p>\n<h2 id=\"section-8\"><span id=\"Uygularken_Dikkat_Hiz_Onbellek_ve_Guvenlik_Ayni_Hikayenin_Parcasi\">Care During Rollout: Speed, Cache and Security Are Part of the Same Story<\/span><\/h2>\n<h3><span id=\"Cache_Yan_Etkileri\">Cache Side Effects<\/span><\/h3>\n<p>The CDN cache delivers a big gain at the door, but be careful that it doesn\u2019t collide with your rules. For example, keep endpoints that should <em>never<\/em> be cached, such as <strong>wp-login.php<\/strong>, separate. Otherwise you\u2019ll end up with quite a mess. The same care applies to dynamic pages and to the login and payment steps. Security and speed should be considered together; neither should overshadow the other.<\/p>\n<h3><span id=\"Dogrulama_Akisi\">Verification Flow<\/span><\/h3>\n<p>When applying a challenge, don\u2019t forget the user experience. Some verification steps can be more sensitive on mobile. So start with low-threshold, soft rules. Tighten them gradually if needed. 
Keep critical points such as the payment step as far from these verifications as possible; there, rate limiting does its job \u201cquietly.\u201d<\/p>\n<h2 id=\"section-9\"><span id=\"Kucuk_Bir_Yol_Haritasi_Ilk_Gunden_Itibaren_Uygulanabilir_Adimlar\">A Short Roadmap: Steps You Can Apply from Day One<\/span><\/h2>\n<h3><span id=\"1_Yonetilen_Kurallari_Ac\">1) Turn On Managed Rules<\/span><\/h3>\n<p>Enable the managed rule sets from the Security &gt; WAF screen. This provides a \u201cbaseline defense.\u201d Especially for known WordPress-specific patterns, don\u2019t leave the door ajar in advance.<\/p>\n<h3><span id=\"2_wp-loginphp_ve_xmlrpcphpyi_Hedefe_Koy\">2) Put wp-login.php and xmlrpc.php in Your Sights<\/span><\/h3>\n<p>Two files, two clear strategies: <strong>challenge + gradual block<\/strong> for wp-login.php, and <strong>close it or apply a strict rate limit<\/strong> for xmlrpc. Let me also remind you about the <strong>bypass<\/strong> for your own address and the IPs you trust.<\/p>\n<h3><span id=\"3_Formlar_ve_Arama_Icin_Kibar_Sinirlar\">3) Polite Limits for Forms and Search<\/span><\/h3>\n<p>Add small rules that smooth out short-term repetition on search, comment, registration and cart actions. Cool down bot behavior gently without upsetting real users.<\/p>\n<h3><span id=\"4_Logla_Incele_Iyilestir\">4) Log, Review, Improve<\/span><\/h3>\n<p>Run the rules in log mode first, see the effect and adjust the thresholds if needed. Stay reasonable and don\u2019t overdo it. 
Every site has a different rhythm, and so does the threshold.<\/p>\n<h3><span id=\"5_Guvenlik_Basliklari_ve_Onbellek_Ayarlarini_Tamamla\">5) Complete Security Headers and Cache Settings<\/span><\/h3>\n<p>The WAF is not a lone hero; it works with a team. Consider it together with security headers, TLS, cookie settings and the CDN cache. Small improvements add up to a big difference.<\/p>\n<h2 id=\"section-10\"><span id=\"Sik_Karsilasilan_Tuzaklar_ve_Nazik_Cozumler\">Common Pitfalls and Gentle Fixes<\/span><\/h2>\n<h3><span id=\"Cok_Sert_Basladim_Kullanicilar_Giremiyor\">\u201cI Started Too Strict and Users Can\u2019t Get In\u201d<\/span><\/h3>\n<p>Soften the thresholds right away. Challenge first, then block. Also don\u2019t forget to put your own IPs and your team\u2019s IPs on the allowlist. Office networks in particular can change IPs from time to time; keep that in mind as well.<\/p>\n<h3><span id=\"Botlar_Iceri_Girmiyor_Ama_Trafik_Hala_Yuksek\">\u201cBots Aren\u2019t Getting In but Traffic Is Still High\u201d<\/span><\/h3>\n<p>Look at the static content side. Is the CDN cache working properly? Are images being served in the right variants? Requests that are not resolved at the edge pile up on your server. 
Review your cache rules, and consider being more aggressive especially for <strong>non-HTML content<\/strong>.<\/p>\n<h3><span id=\"Bir_Entegrasyon_Bozuldu\">\u201cAn Integration Broke\u201d<\/span><\/h3>\n<p>Identify the endpoints that talk to external services such as payment, shipping and ERP, and define an <strong>exception<\/strong> for them in the WAF. If needed, add the ASN or IP range to the allowlist. Observe the effect of the change and watch the logs carefully for a few days.<\/p>\n<h2 id=\"section-11\"><span id=\"Gozun_Ustunde_Olsun_Izleme_Alarmlar_ve_Sureklilik\">Keep an Eye on It: Monitoring, Alerts and Continuity<\/span><\/h2>\n<h3><span id=\"Alarmlar_Kagida_Yazilmis_Kucuk_Hatirlatmalar_Gibi\">Alerts: Like Small Reminders Written on Paper<\/span><\/h3>\n<p>Set up alerts in Cloudflare for when certain thresholds are exceeded. In the evening hours or during campaigns, these alerts provide early warning. They reduce the feeling of \u201cI noticed, but too late.\u201d<\/p>\n<h3><span id=\"Haftalik_Rutin_Kucuk_Dokunuslar\">Weekly Routine: Small Touches<\/span><\/h3>\n<p>Once a week, take a quick look at the activity logs. From which countries did traffic increase? Which user agents look suspicious? Rather than adding a new rule, <strong>nudging the thresholds<\/strong> of an existing rule is usually enough. 
For big changes, pick a low-traffic window first, then roll them out.<\/p>\n<h3><span id=\"Dokumantasyon_Yarinki_Sen_Icin_Not_Birak\">Documentation: Leave a Note for Tomorrow\u2019s You<\/span><\/h3>\n<p>Jot down a short note on which rule was added and why, and which threshold was changed on which date. When a problem comes up, those notes connect yesterday to today and make your job easier.<\/p>\n<h2 id=\"section-12\"><span id=\"Kapanis_Guvenli_Hizli_ve_Sakin_Bir_WordPress_Mumkun\">Closing: A Secure, Fast and Calm WordPress Is Possible<\/span><\/h2>\n<h3><span id=\"Son_Bir_Nefes_Son_Bir_Ozet\">One Last Breath, One Last Summary<\/span><\/h3>\n<p>Protecting WordPress from bots is not a one-time move; it is <strong>a gentle process<\/strong>. Cloudflare WAF rules establish the baseline defense with managed protection, while custom rules and rate limiting weave a shield that fits your site\u2019s own rhythm. If you manage doors like <strong>wp-login.php<\/strong> and <strong>xmlrpc.php<\/strong> well and politely limit forms and search, the server calms down and the user experience settles into order.<\/p>\n<p>A practical set of tips: start by observing, try small rules, adjust thresholds slowly, set up your alerts and build a short weekly checklist. 
If needed, take a quick detour to Cloudflare\u2019s documentation and come back; the <a href=\"https:\/\/developers.cloudflare.com\/waf\/\" target=\"_blank\" rel=\"noopener nofollow\">WAF rules<\/a> and <a href=\"https:\/\/developers.cloudflare.com\/waf\/rate-limiting-rules\/\" target=\"_blank\" rel=\"noopener nofollow\">rate limiting examples<\/a> pages are clear references. Alongside security, don\u2019t forget speed and browser-side settings; for that, <strong>using HTTP headers correctly<\/strong> gives you good leverage.<\/p>\n<p>I hope this post strengthens your hand in the moments when you feel alone against heavy bot traffic. Small settings make a big difference. If you have questions you can always write to me; here\u2019s hoping we work through another \u201cah, so that\u2019s what it was\u201d moment together in the next post.<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>Contents 1 A Short Story: You Wake Up One Morning and the Site Is Gasping for Breath 2 Why Do Bots Love WordPress So Much? 
And What Can We Do About It? 2.1 The Door Is Almost Always Forced at the Same Spot 3 Keep Cloudflare WAF Simple: Managed Rules + Light-Touch Customization 3.1 Managed Rules: Out-of-the-Box Intelligence 3.2 Customization: Small Rules That Help WordPress\u2019s Weak Links 4 Rate Limiting: You Set the Rhythm [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":1365,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-1364","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-teknoloji"],"_links":{"self":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/1364","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/comments?post=1364"}],"version-history":[{"count":0,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/posts\/1364\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media\/1365"}],"wp:attachment":[{"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/media?parent=1364"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/categories?post=1364"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dchost.com\/blog\/wp-json\/wp\/v2\/tags?post=1364"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}