I noticed that every single WordPress bruteforce attempt on the server came from a Cloudflare IP. So I had to write this:

# Program to download cloudflare ip ranges and block them
use strict;
use warnings;
use LWP::Simple;
my $url='https://www.cloudflare.com/ips-v4';
my $file = '/tmp/cloudflareip.txt';
getstore($url, $file);
open my $info, $file or die "Could not open $file: $!";
while( my $line = <$info>)  {   
    chomp $line; 
    my $cmd='iptables -A INPUT -s '.$line.' -j DROP';
    print $cmd."\n";
close $info;
print "Listing current iptables rules:\n";
my $cmd='iptables -L -n';