Cloudflare’s Access feature is one of favorite features they provide because it makes it super easy to implement 2 Factor authentication. First, know that this isn’t 100% secure and you should implement additional security measures both in your WordPress installation and at the server level, because if someone finds the server IP address they may be able to bypass this completely.
However, I am using it primarily to stop the first layer of simple brute-force attempts and bot attacks. And it has worked well so far. What I like about this is that it stops the attempt at Cloudflare’s proxy level and thereby none of those attempts that are intercepted hit my server so it reduces server load.
Secondly, what I like about this is that it is easy and quick to set up. It takes me less than 5 minutes on average per site where I have enabled this.