This is the core feature of Cloudflare offers, where they will host your DNS and in doing so will also enable the reverse proxy on your site (this can be disabled if required) and offer various services and enhancements. If you have set up Cloudflare like above, it will import your existing NS records by default and you can easily add more if required. Cloudflare also comes in very handy to host DNS if your domain registrar does not provide any options to set advanced NS records or provides limited functionality.<\/span><\/p>\n\n\n\n DNS records are instructions provided by DNS servers that contain information on how to process a domain or a hostname. Different services use various types of DNS records. In our case, we are mainly interested in the Address name commonly known as the A name, and the Canonical name commonly known as the C Name.<\/span><\/p>\n\n\n\n Listed below are some common domain name records –<\/span><\/p>\n\n\n\n http:\/\/www.electricmonk.org.uk\/wp-content\/uploads\/2013\/06\/dns_records.bmp ( Convert it into table )<\/span><\/p>\n\n\n\n For our current requirements, we will only set up the A name and point the www C name to the IP of our server –<\/span><\/p>\n\n\n\n <\/span><\/p>\n\n\n\n As the default setup is sufficient for most users, we will not cover this in detail, for more information you can visit the <\/span>Cloudflare help section.<\/span><\/u><\/p>\n\n\n\n A CDN or Content Delivery Network refers to a group of servers that are geographically distributed around the globe. These servers work together to provide access to your website based on the visitor’s location.<\/p>\n\n\n\n Cloudflare CDN is a free service to sites whose DNS is hosted on Cloudflare. By default, all static assets are cached, and this helps improve load time for your site because the main page is still fetched from your server (you can change this behavior as we will see later on).<\/p>\n\n\n\n Cloudflare then serves these static assets from the data center nearest to the user, reducing loading time and decreasing bandwidth and server load on our server. To enable CDN on your site, the only thing required is that Cloudflare is enabled on your site and it is not in bypass mode, it will show an orange cloud in your NS Record if it’s behind Cloudflare.<\/p>\n\n\n\n As a WordPress user, you also have an option of using other CDNs, we have written about it in the past, which you can read here. As you can see the site is not doing too great by default (we are using Gtmetrix ), Now we will enable the CDN after 2 – 3 refreshes, and we get the following (Things have improved)<\/p>\n\n\n\n As page rules will not allow you to work on your site directly, you will need to set up a local host file entry on your machine, which points your domain directly to your server. You can read about setting these host records. This will also require a Cloudflare plugin installed on your site to clear the cache when you have made the changes. You can download it here or using the internal WordPress Add new plugins search.<\/p>\n\n\n\n Here is a quick comparison of the rule enabled and load time before and after the rules were put in place. You can think of this as your own free Cloudflare APO alternative.<\/p>\n\n\n\n If you wish to take the numbers even further up with nearly 100 ratings on GTMetrix you can explore the nitro boost feature on our WPOhub plugin which delays the JavaScript load and increases both Page speed and GTMetrix performance.<\/p>\n\n\n\n Cloudflare has plenty of options available that can help your website and make it safe and faster, but the problem is not all of them work perfectly with WordPress. But you do not need to worry, given below are some of the best Cloudflare settings that work best for your WordPress site.<\/p>\n\n\n\n Another great feature of Cloudflare is the free SSL offered to all websites hosted through it. This feature ensures that communication between your site and the clients is secure and cannot be snooped. Cloudflare supports multiple ways on how to set it up<\/span>. <\/p>\n\n\n\n Cloudflare provides four SSL\/TLS encryption modes:<\/p>\n\n\n\n We recommend the Full or the Strict mode, The default settings are usually fine for most setups, but if required, you can Tweak the following settings –<\/span><\/p>\n\n\n\n If you are looking for Website Speed Optimization, Cloudflare has a dedicated tab for it. All the settings related to speed optimization can be found under the “Speed” tab.<\/p>\n\n\n\n Cloudflare’s image resizing feature is exclusive to Business plans and when it is configured correctly, it has the following advantages, <\/p>\n\n\n\n For example, if you want to resize the image URL: ” https:\/\/example.com\/wp-content\/uploads\/2024\/09\/sampleimage.jpg “<\/p>\n\n\n\n After Resizing it will be changed into something like this: ” https:\/\/example.com\/cdn-cgi\/image\/fit=contain,format=auto,metadata=none,onerror=redirect,quality=70,width=720\/https:\/\/yourdomain.com\/wp-content\/uploads\/2024\/09\/sampleimage.jpg “<\/p>\n\n\n\n This particular Cloudflare feature is very helpful in minifying cached CSS, JSS, and HTML. In case, you are not using any type of third-party WordPress plugin like WP Rocket to minify assets, it is better to go with Cloudflare’s Auto Minify feature.<\/p>\n\n\n\n WPOven users have an additional advantage in this regard. Apart from Cloudflare’s integration, they can also use WPOven’s Proprietary Minification Plugin and enable integrated WP Rocket, which comes bundled with hosting plans for free.<\/em><\/p>\n\n\n\n Cloudflare’s polish feature is exclusively available for pro plan users and automatically compresses any supported image format your WordPress site has. <\/p>\n\n\n\n Brotli compression is somewhat similar to Gzip compression but follows a different algorithm that makes files smaller for faster transmission over the internet. It was developed by Google and has a better compression ratio than Gzip. <\/p>\n\n\n\n The downside of Brotli is that it’s not widely supported, but that doesn’t mean you shouldn’t enable it. You should go for it, and if the browser doesn’t support it, it will automatically switch to Gzip compression.<\/p>\n\n\n\n Rocket Loader is another feature of cloudflare that helps make websites faster by loading JavaScript files more smartly.<\/p>\n\n\n\n Mirage is another cloudflare’s pro feature that mainly focuses on mobiles and slow-speed connections. This is how it works:<\/p>\n\n\n\n Enhanced HTTP\/2 Prioritization is a feature available only for Cloudflare Pro users. <\/p>\n\n\n\n For better caching, you can follow these settings:<\/p>\n\n\n\n It is recommended that you should Keep “Caching Level” as “Standard”.<\/p>\n\n\n\n Another plus point of using Cloudflare is, that you will have its Web Application Firewall offered on all websites.<\/p>\n\n\n\n We recommend you to follow at least 2 rules, that will help you to protect your website from the majority of the attacks. e.g. DDoS, Brute force, etc.<\/p>\n\n\n\n If you are already using a strong password for your website, then you should not be worried. However, a lot of requests from bots or attackers can harm your CPU and excessive resource usage.<\/p>\n\n\n\n To begin with the rules, first, you need to whitelist your IP address. To do this, Go to Cloudflare Panel > Click on “Firewall” Tab > Tools.<\/p>\n\n\n\n In the Tools section, you can add your IP ( google “what’s my IP” to know your public IP), if you have a dynamic IP you can put in an IP range similar to the IP you are assigned at different times.<\/p>\n\n\n\n Next, we will add a few page rules to address the most common issues we usually see with a standard WordPress Site.<\/p>\n\n\n\n 1. Block access to the wp-login.php, this page is used to log into your site and is a common endpoint for attackers to perform brute-force attacks on, so we will create a rule to check if the browser is being used and also perform additional checks to make sure it is not a bot. You can also use a plugin to hide WordPress login<\/a> to avoid adding this rule. <\/p>\n\n\n\n 2. We will also restrict access to xmlrpc.php, so it is also not used for brute-force attacks on the site, in Firewall under firewall Rules you can create the following rule, we will block all access other than to JetPack (You can find a list of JetPack IP range on this page )<\/p>\n\n\n\n You can also use the expression below and build the rule –<\/p>\n\n\n\n Using these two basic rules we can block the most common brute force and automated threats the WordPress faces.<\/p>\n\n\n\n In Cloudflare’s “Network” settings, turn on HTTP\/2, HTTP\/3 (with QUIC), and 0-RTT Connection Resumption.<\/p>\n\n\n\n As you will be using Cloudflare to cache your static assets or even dynamically generated ones, it is best to install the WordPress plugin provided by Cloudflare. This allows you to clear the Cloudflare cache easily in case you make any updates to your site, it is also needed if you are using the Automatic Platform optimization (APO) feature provided.<\/p>\n\n\n\n To get started with the installation it is quite easy, visit the Add New Plugin section of WordPress and search for Cloudflare, once the plugin is found, simply click Install then activate the plugin, the only configuration required for the plugin is to connect it to Cloudflare so that our site can notify it about the changes.<\/p>\n\n\n\n To connect the site to our Cloudflare plugin we will use the Token Method as we do not wish to share global API so use the following settings to create the custom token –<\/p>\n\n\n\n Once the token is created, copy the token and active the plugin you will see the following page –<\/p>\n\n\n\n Most settings will be already configured for best use. <\/p>\n\n\n\n For complete Step by Step Read:<\/strong> How to install Cloudflare on Your WordPress site?<\/a><\/p>\n\n\n\n If you use Cloudflare, by default it caches only static assets of a website. But it can also cache webpages if required. The only problem is, that you have to go for some extra steps to update and work with the website.<\/p>\n\n\n\n But this problem can also be solved if you choose to use Cloudflare WordPress Plugin. The plugin will make everything automatic for you and reduce these extra steps.<\/p>\n\n\n\n Let us see how it works.<\/p>\n\n\n\n With APO, all website asses, that include pages are moved to the edge nodes. It reduces the TTFP of the website globally and enhances the overall user experience. <\/p>\n\n\n\n This functionality is available as a 5$ paid addon on the free plan and requires an additional Cloudflare WordPress Plugin to be added to the site. Argo and Railgun are two performance-enhancing features offered by cloudflare.<\/p>\n\n\n\n Railgun is another Cloudflare tool that speeds up how fast your website’s content gets to visitors. This is how it works:<\/p>\n\n\n\n Understanding how to configure Cloudflare settings properly, along with its official settings for WordPress sites, can enhance the speed, security, and performance of your website.<\/p>\n\n\n\n Cloudflare is one of the best things that could happen to any WordPress site, regardless of the type of business you run. It can be a boon that adds a tremendous amount of value to your website. Pairing it with WordPress and the fastest WordPress-managed hosting<\/a>, nobody can beat your website’s success in the long run.<\/p>\n\n\n\n Yes, using Cloudflare with WordPress is generally recommended. It can improve your site’s performance, security, and reliability through features like content delivery network (CDN), security protection, and DNS management. Plus, Cloudflare offers a free plan with basic features, making it accessible to all WordPress users.<\/p>\n\n<\/div>\n<\/div>\n Cloudflare is best known for providing security and content delivery networks (CDNs). Therefore, when you enable Cloudflare on your WordPress site, it can protect against various threats such as DDoS attacks, malware attacks, etc. However, it doesn’t mean you should not take any action on your end. You should also host your website on secure and reputable dedicated servers<\/a>.<\/p>\n\n<\/div>\n<\/div>\n Yes, Cloudflare can indirectly improve SEO by speeding up page loading times, enhancing website security, reducing downtime, and providing SSL encryption. These factors contribute to a better user experience and increased trust from search engines, potentially leading to improved SEO rankings.<\/p>\n\n<\/div>\n<\/div>\n<\/div>\n<\/div>","protected":false},"excerpt":{"rendered":" As a Cloudflare partner, we recommend using Cloudflare as a DNS, firewall, and CDN for the sites we host at WPOven. This guide serves as a small reference for setting up Cloudflare and its official WordPress Plugin to leverage the best Cloudflare features for your WordPress site.<\/p>\n It covers how to use Cloudflare and configure its settings, both on the web version and through the Cloudflare WordPress plugin, to improve speed and security. This guide applies to everyone using WordPress and interested in using Cloudflare, … <\/p>\n\n
![\"\"](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/cloudflare_dns_default-1024x261.png\" "\\"\\"")
<\/figure>\n\n\n\nAbout Cloudflare Content Delivery Network (CDN)<\/h2>\n\n\n\n
![\"\"](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/cdn.jpg\" "\\"\\"")
<\/figure>\n\n\n\n
Here is a quick comparison of loading time with CDN enabled and CDN for a Vanilla eCommerce site currently, there are no optimizations applied (Since the site is hosted in a Dallas data center, we did the test from Sydney) –<\/p>\n\n\n\n![\"\"](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/gtmetric_speedup_1-1024x619.png\" "\\"\\"")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/gtmetric_speedup_2-1024x603.png\" "\\"\\"")
If you wish to go even further and mainly run a static HTML site, you can improve things further and have Cloudflare completely cache your site and load fast the world over. To do this, you will need to add a few page rules in Cloudflare, this will make Cloudflare cache the main pages and reduce the Time to First Byte (TTFB) even further.<\/p>\n\n\n\n![\"\"](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/pagerule_fullcache.png\" "\\"\\"")
<\/figure>\n\n\n\n![\"GTmetrix](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/gtmetric_speedup_3-1024x601.png\" "\\"\\"")
![\"CDN](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/keycdn_global_ping.png\" "\\"\\"")
How to configure Cloudflare settings for optimum results? <\/h2>\n\n\n\n
\n
1. Cloudflare SSL<\/span><\/h3>\n\n\n\n
\n
![\"\"](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/cloudflare_ssl_setup.png\" "\\"\\"")
<\/figure>\n\n\n\n2. Always Go for HTTPS<\/h3>\n\n\n\n
\n
![\"\"](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/cloudflare_ssl_report-1024x638.png\" "\\"\\"")
<\/figure>\n\n\n\n3. Cloudflare Speed Optimization<\/h3>\n\n\n\n
3.1 Image Resizing<\/h4>\n\n\n\n
\n
3.2 Auto Minify<\/h4>\n\n\n\n
3.3 Cloudflare Polish<\/h4>\n\n\n\n
\n
3.4 Brotli compression<\/h4>\n\n\n\n
3.5 Rocket Loader<\/h4>\n\n\n\n
\n
3.6 Mirage <\/h4>\n\n\n\n
\n
3.7 Enhanced HTTP\/2 Prioritization<\/h4>\n\n\n\n
\n
4. Caching Settings<\/h3>\n\n\n\n
![\"Caching](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2024\/04\/image-35-1024x468.png\" "\\"\\"")
\n
4.1 Enable Crawler Hints<\/h4>\n\n\n\n
![\"Enable](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2024\/04\/image-31.png\" "\\"\\"")
\n
4.2 Enable Always Online<\/h4>\n\n\n\n
![\"Always](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2024\/04\/image-33.png\" "\\"\\"")
\n
4.3 Caching level<\/h4>\n\n\n\n
4.4 Enable Smart Tiered Cache Topology<\/h4>\n\n\n\n
![\"Tiered](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2024\/04\/image-30.png\" "\\"\\"")
\n
4.5 Enable Cache Reserve<\/h4>\n\n\n\n
![\"Cache](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2024\/04\/image-34.png\" "\\"\\"")
\n
5. WordPress Firewall using Cloudflare<\/span><\/h3>\n\n\n\n
![\"\"](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/cloudflare_ip_whitelist-1024x651.png\" "\\"\\"")
<\/figure>\n\n\n\n
Create a Page rule like given below and deploy it –<\/p>\n\n\n\n![\"\"](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/cloudflare_wp_login.png\" "\\"\\"")
<\/figure>\n\n\n\n![\"\"](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/cloudflare_firewall_rules-1024x689.png\" "\\"\\"")
<\/figure>\n\n\n\n(http.request.uri contains \"xmlrpc.php\" and not ip.src in {192.0.64.0\/24 192.0.65.0\/24 192.0.66.0\/24 192.0.67.0\/24 192.0.68.0\/24 192.0.69.0\/24 192.0.70.0\/24 192.0.71.0\/24 192.0.72.0\/24 192.0.73.0\/24 192.0.74.0\/24 192.0.75.0\/24 192.0.76.0\/24 192.0.77.0\/24 192.0.78.0\/24 192.0.79.0\/24 192.0.80.0\/24 192.0.81.0\/24 192.0.82.0\/24 192.0.83.0\/24 192.0.84.0\/24 192.0.85.0\/24 192.0.86.0\/24 192.0.87.0\/24 192.0.88.0\/24 192.0.89.0\/24 192.0.90.0\/24 192.0.91.0\/24 192.0.92.0\/24 192.0.93.0\/24 192.0.94.0\/24 192.0.95.0\/24 192.0.96.0\/24 192.0.97.0\/24 192.0.98.0\/24 192.0.99.0\/24 192.0.100.0\/24 192.0.101.0\/24 192.0.102.0\/24 192.0.103.0\/24 192.0.104.0\/24 192.0.105.0\/24 192.0.106.0\/24 192.0.107.0\/24 192.0.108.0\/24 192.0.109.0\/24 192.0.110.0\/24 192.0.111.0\/24 192.0.112.0\/24 192.0.113.0\/24 192.0.114.0\/24 192.0.115.0\/24 192.0.116.0\/24 192.0.117.0\/24 192.0.118.0\/24 192.0.119.0\/24 192.0.120.0\/24 192.0.121.0\/24 192.0.122.0\/24 192.0.123.0\/24 192.0.124.0\/24 192.0.125.0\/24 192.0.126.0\/24 192.0.127.0\/24})<\/code><\/pre>\n\n\n\n6. Cloudflare’s Network Settings<\/h3>\n\n\n\n
![\"Cloudflare](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2024\/04\/image-32.png\" "\\"\\"")
\n
How to configure Cloudflare WordPress plugin settings for optimum results?<\/h2>\n\n\n\n
![\"\"](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/cloudflare_wordpress_token.png\" "\\"\\"")
<\/figure>\n\n\n\n![\"Wordpress](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2021\/01\/cloudflare_plugin_home-1024x484.png\" "\\"\\"")
<\/figure>\n\n\n\n1. Cloudflare Automatic Platform Optimization (APO)<\/span><\/h3>\n\n\n\n
As this is a paid addon we will not be covering it here at the moment.<\/p>\n\n\n\n2. Argo and Railgun<\/h3>\n\n\n\n
Argo<\/h4>\n\n\n\n
\n
Railgun<\/h4>\n\n\n\n
\n
Summary<\/h2>\n\n\n\n
![\"Managed](\"https:\/\/www.wpoven.com\/blog\/wp-content\/uploads\/2023\/04\/CTA_final-1024x210.png\" "\\"\\"")
<\/a><\/figure>\n\n\n\nFrequently Asked Questions<\/h2>\n\n\n
Should I use Cloudflare with WordPress?<\/h3>\n
How do I protect my WordPress with Cloudflare?<\/h3>\n
Does Cloudflare improve SEO?<\/h3>\n