> Blocking at the edge (on the CDN) is another, and it would be even quicker ;-) (I use Cloudflare, a Cloudflare worker could be set to answer /wp-login.php or anything, without even reaching my own server.)
With HTTPS, blocking on the edge requires using a CDN that holds your secret keys. The only way they could block paths is being able to decrypt requests since the path is encrypted. If you trust Cloudflare or someone else to manage your secrets, this will work, but if you are terminating your HTTPS connections, you'll need to handle it with your own infrastructure as people above have.
With HTTPS, blocking on the edge requires using a CDN that holds your secret keys. The only way they could block paths is being able to decrypt requests since the path is encrypted. If you trust Cloudflare or someone else to manage your secrets, this will work, but if you are terminating your HTTPS connections, you'll need to handle it with your own infrastructure as people above have.