How to Set Up CloudFlare for WordPress – The Complete Guide
Want to add your WordPress site to Cloudflare?
Page speed and security should be two issues on the mind of every WordPress site owner.
WordPress security should always be a concern too. 70% of WordPress installations are vulnerable to hacking, so every bit of security you can add is a huge win.
Want a way to take out two birds with one stone? Install Cloudflare for your WordPress site.
Cloudflare is a CDN that also acts as a proxy between your website and your visitors. This dual action allows Cloudflare to both:
- Serve up content quickly
- Filter malicious users before they reach your site
In one package, you get faster page load times and enhanced security. It’s pretty awesome.
In this post, I’ll discuss some pros and cons for Cloudflare and then show you exactly how to set up Cloudflare for WordPress.
Advantages of Cloudflare
On average, Cloudflare sites:
- Load twice as fast
- Use 30% less bandwidth
- Experience 65% fewer requests
Cloudflare has hundreds of servers scattered around the world, so your content can always load from the place nearest to your visitors.
Cloudflare also amps up your security by:
- Helping you implement SSL if you haven’t done so already
- Blocking SQL injection
- Fighting crawlers and email harvesters
- Blocking comment spam
- Ensuring browser integrity
Disadvantages of Cloudflare
One negative of Cloudflare is that you no longer control your own nameservers. Now, Cloudflare is a trustworthy company, so I don’t think this is too big of a deal. But if Cloudflare ever experienced an outage, your site would go down as a result.
I don’t think this scenario is likely. But, losing control of your nameservers is a small detail to keep in the back of your mind.
How to Add Your WordPress Site to Cloudflare
The basic process of adding your WordPress site to Cloudflare is pretty painless. In fact, you can probably complete the whole process in less than 10 minutes. Most of it is done outside your WordPress site, though you will need access to your hosting/domain registrar account to change your DNS details at one point.
1. Sign Up for a Cloudflare Account
The first thing you need to do is sign up for an account at Cloudflare. Click this link to go straight to the signup page and enter your basic account information.
Once you’ve created your account, Cloudflare will take you through a setup wizard to configure everything.
Let’s go through the steps…
2. Add Your Website
Once you sign in, you should see a prompt to add a website. All you need to do is enter your site’s domain name/URL and click Add site:
Next, Cloudflare will show you a list of paid plans. If you want to use a paid plan you can do that. However, I’m more of a “free” type of guy. So if you want to join me on the free plan, you can just select the free option (it’s hidden at the bottom) and then click Continue:
3. Verify Your DNS Records
Next, Cloudflare will scan and import your site’s DNS records. These are the details that actually link your domain name to your web server. They also might do other things like connect to your email hosting service or verify your site with Google Search Console.
If you’re an advanced user, you can make changes here if needed. However, if you’re a casual user, really all you need to do is make sure that you see the orange cloud icon next to your main domain name. This means that Cloudflare’s CDN/security features are activated for your site.
In general, when in doubt, just leave things as the default!
Then, click Continue at the bottom.
4. Change Your Nameservers
Now’s the first time when you’ll need to step away from the Cloudflare interface. Changing your nameservers, aka your DNS, requires you to go to the domain registrar where you registered your domain name. For example, if you bought your domain name from Namecheap, you’ll need to edit your nameservers via your Namecheap account.
If you registered your domain through your hosting provider, you’ll need to use your hosting interface to change your nameservers.
If you’re not sure how to do this, I recommend consulting your domain registrar’s support documentation.
Once you find the area to change your nameservers, switch your current nameservers to the new ones Cloudflare gives you:
Once you’ve done that, click the Done, check nameservers button.
5. Go Through the Quick Start Guide
Next, Cloudflare should launch a quick start guide to help you configure some basic settings. You can skip it if you want, but I recommend clicking the Get started button to set things up while you wait for your nameservers to update:
Cloudflare will explain each setting. If you’re not sure what a specific setting does, I recommend just leaving everything as the default. You can always adjust these later on.
6. Wait for Your Nameservers to Update
At this point, you’re pretty much finished. It might take some time for your site’s nameservers to update (up to 24 hours, but usually much faster). While you’re waiting, you’ll see a screen like this:
Once the nameservers update, you’ll see a success message.
Next, let’s jump over to the WordPress plugin, and then I’ll come back to some more advanced settings that you can configure in the Cloudflare dashboard.
How to Set Up the Official Cloudflare WordPress Plugin
You aren’t required to use the official Cloudflare WordPress plugin to use your site with Cloudflare. However, I do recommend it, especially for beginners, as it can help you automatically configure your WordPress site to function optimally with Cloudflare. It also lets you purge your cache from inside WordPress, which is more convenient than needing to do everything via the Cloudflare dashboard.
Here’s how to set it up…
1. Install the Plugin
To get started, install, and activate the free plugin from WordPress.org.
2. Generate a Cloudflare API Token
Next, you need to generate an API token, which is what lets you securely connect your WordPress site to Cloudflare.
To do that, go to this page and then click the Create Token button:
On the next screen, select the WordPress API token template and click Use template:
On the next screen, leave every setting as the default except two. First, use the Account Resources section to choose your Cloudflare account.
Then, use the Zone Resources setting to select Specific zone and then choose the specific WordPress site that you’re adding to Cloudflare (if you have multiple sites in Cloudflare):
Then, scroll to the bottom and click the Continue to summary button. On the next screen, click the Create Token button.
Now, you should see your token – keep this handy because you’re going to need it in the next step:
3. Authenticate Cloudflare Plugin
Now, go to Settings -> Cloudflare in your WordPress dashboard. Choose the option to Sign in here:
Now, you’ll need to enter:
- The email of your Cloudflare account.
- The API Token that you created in the previous step.
Then, click the Save API Credentials button:
4. Apply WordPress Settings
Now, you should be able to access the plugin’s settings when you go to Settings -> Cloudflare in your WordPress dashboard.
If you’re a beginner, I recommend just choosing the Apply Recommended Cloudflare Settings for WordPress and calling it a day:
In the next section, I’ll dig into some of the advanced settings that you can configure in the Cloudflare dashboard.
How to Configure Settings in the Cloudflare Dashboard
To control its many performance and security features, Cloudflare gives you a wealth of options in the full Cloudflare dashboard (as well as some options in your WordPress dashboard if you’re using the plugin).
There’s a lot that you can configure here. However, if you’re a casual user, I recommend leaving most settings as the default.
With that being said, I will take a look at a few of the most useful settings to consider.
The SSL/TLS tab lets you control how Cloudflare handles SSL. Here, your choice should depend on whether or not you already have a free SSL certificate from your host (which most hosts offer nowadays).
If you do already have an SSL certificate, you should choose Full or Full (strict). However, if your host doesn’t offer a free SSL certificate, you can choose the Flexible option so that you’re still able to get the green padlock in web browsers like Chrome:
The Page Rules tab houses a really useful feature that lets you create rules to treat certain content on your site differently.
If you’re on a free Cloudflare plan, you can create up to three page rules per site, while paid plans get more rules.
Some examples of what you can do are:
- Apply a higher level of security to your WordPress admin dashboard.
- Fully cache certain types of content.
- Exclude certain content from the Cloudflare CDN.
There are two parts to page rules:
- The rule itself. You can add a single rule or apply multiple rules at the same time.
- The URL(s) where you want to apply the rule. You can use patterns either to bulk apply the rule to certain URLs. For example, you could use a pattern to target every single URL inside your wp-admin dashboard.
One rule that I recommend to all WordPress sites is adding some extra security to your dashboard and also excluding your dashboard from Cloudflare’s caching.
To set this up, create a new page rule for
yoursite.com/wp-admin* (making sure to replace it with your actual domain name – e.g.
wplift.com/wp-admin*. Then, set up the rules as follows:
Then, click Save and Deploy.
You also might want to create other rules that are unique to your site.
The Speed tab houses some important options to further improve your site’s performance. For example, you can enable:
- Minification – only do this if you’re not already using a plugin that minifies your site’s code.
- Brotli compression – this is an alternative to Gzip compression that might offer even larger file savings.
You can play around with these different settings to see how they affect your site’s speed.
You can also explore the rest of the settings, as there are lots of other options. However, many of the settings require a paid plan, so you won’t be able to take advantage of every single feature.
How to Use Cloudflare Full-Page Caching With WordPress
If you’re really worried about global performance, you can configure Cloudflare to cache your entire site on its global network of servers (rather than just static assets like your images).
This gets a little complex to do properly, which is why we wrote an entire guide on how to set up full-page Cloudflare caching for WordPress.
Does Cloudflare Affect SEO?
I know some people are concerned that Cloudflare might have a negative effect on SEO. Don’t worry – Cloudflare worked directly with search engines to ensure that search engines can still properly crawl everything. Cloudflare won’t have any negative effects on your SEO.
With its many performance and security features, Cloudflare is an excellent tool for most WordPress sites. Give it a try and let us know how it works.
Still have any questions about using Cloudflare with WordPress? Ask us in the comments!