When you want to make your website load more quickly for visitors and more secure against malicious hacking efforts, Cloudfare’s global content delivery network (CDN) offers a simple solution.
Thankfully, it’s easy to run Cloudflare on a WordPress website using the Cloudflare WordPress plugin.
Here are the steps you need to follow to start using Cloudflare with WordPress:
- Step 1: Sign up for Cloudflare
- Step 2: Install the Cloudflare WordPress plugin
- Step 3: Login to the Cloudflare API
- Step 4: Configure Cloudflare settings
- Step 5: Set browser cache settings
- Step 6: Configure additional Cloudflare settings
Step 1: Sign Up For Cloudflare
Before installing Cloudflare on your WordPress website, you first need to sign up for a Cloudflare account. Visit Cloudflare and click on 'Sign Up' in the upper right-hand corner.
During the setup process, you will be prompted to enter the address of your website. When Cloudflare asks to query your site’s Domain Name System (DNS) records, simply click 'Next'.
At this point, you will need to choose a plan. Cloudflare offers free accounts that include the use of their global CDN, offer defense against DDoS attacks, and allow users to set browser caching rules for up to three web pages.
Paid accounts start at $20/month and offer caching rules for additional pages and a web application firewall. However, using Cloudflare with WooCommerce, WordPress’s integrated e-commerce platform, will need a business plan that starts at $200/month as this plan level offers the ability to cache anonymous page views using a cache that can bypass cookie functionalities.
After confirming your plan, Cloudflare will ask you to verify your DNS address. While this page can be overwhelming, all you need to do is to verify that there is an orange symbol next to the primary domain name of your website. If this is the case, click 'Continue'.
Next, you’ll need to update your domain’s nameservers to point to Cloudflare’s servers so that Cloudflare can manage your site's traffic at the DNS level. Doing this requires logging into the host you purchased your domain name from and making the changes as Cloudflare instructs. If you are not able to find where to change the nameservers with your host, you may need to call your host for support.
Note that changes to the nameserver may take up to 24 hours to take effect, during which time you can configure your Cloudflare account but will not see any changes to the caching or security of your WordPress site. However, you also should not experience any downtime on your website while this change takes place.
Step 2. Install The Cloudflare WordPress Plugin
Once you have an active Cloudflare account, install and activate the Cloudflare WordPress plugin. You can find the plugin in the WordPress plugin marketplace by simply searching 'Cloudflare'. Once you locate it, click 'Install Now', then click 'Activate'.
Step 3. Login To The Cloudflare API
After the Cloudflare plugin is activated, you’ll be prompted to log into the Cloudflare API. For this, you’ll need to enter the email you used to sign up for Cloudflare as well as an API key. The API key can be found in your Cloudflare dashboard under My 'Profile > Account > API Key'. Find the Global API Key and click 'View API Key' to copy the key into the login prompt on WordPress.
Step 4. Configure Cloudflare Settings
On the main page of the Cloudflare plugin, click the 'Apply' button to apply Cloudflare’s optimized default settings for your website. These settings affect how the CDN and basic security measures are implemented.
In addition, click 'Enable' to enable automatic caching for your site. This ensures that Cloudflare will purge and regenerate its cache of your site any time you make changes to the appearance of your site. When needed, the cache can be manually purged by clicking 'Purge Cache'.
Step 5. Set Browser Cache Expiration
In your Cloudflare dashboard, navigate to the 'Caching' menu to set rules for browser caching and cache expirations. Caching is designed to speed up the rate at which your website loads for visitors, but also increases the number of files that your visitors’ browsers are holding.
First, choose your desired browser cache expiration. This is how long your visitors’ browsers will be instructed to keep versions of your website saved for fast loading. Typically, it is recommended to set this to 'Respect Existing Headers'.
Next, choose whether Cloudflare should instruct browsers to load the cached version of your website in case your host’s servers go down. While this is not necessary, it is recommended to enable 'Always Online'.
Step 6. Configure Additional Cloudflare Settings
Cloudflare offers a number of additional settings for the security and visitor experience of your WordPress website. Most notable are the page rules settings and web application firewall, although the latter is only available to paid Cloudflare users.
Any settings that are changed in your Cloudflare dashboard will be reflected on your WordPress site as long as the Cloudflare WordPress plugin remains activated and your global API key remains valid.
Advantages of Cloudflare
By following the steps of the tutorial, you should have your WordPress page improved in no time. These are the main advantages of using Cloudflare:
- Cached content: Cloudflare can instruct browsers about how to cache a website’s pages and content, which improves page loading speeds, reduces bandwidth use, and cuts down CPU use over your website’s server.
- Server redundancy: Cloudflare caches your website over a globally distributed network of servers, meaning that a cache of your website will remain online even if your server goes down.
- Security: Cloudflare helps defend against malicious hacking, and especially distributed denial of service (DDoS) attacks, by offering firewalls and the option to challenge access to a website.
When you add Cloudflare to your website, traffic to your website is sourced through Cloudflare’s network of servers. Still, Cloudflare doesn’t fully replace a traditional website host, so you’ll still need an existing domain host to use Cloudflare and WordPress together.
Thankfully, most major domain hosts have Cloudflare’s software already installed on their servers and some even offer discounted Cloudflare accounts.
Defense Against DDoS Attacks
One of the functions that is available for all users from the Cloudflare WordPress plugin is 'I’m Under Attack' mode. This mode is available as a first-step response when you believe your website is the target of a distributed denial of service (DDoS) attack.
'I’m Under Attack' mode can be disabled with a click on the button in the Cloudflare plugin page.
Final Thoughts On Cloudflare And WordPress
In an age when speed and security are at a premium, it is increasingly important to use a CDN like Cloudflare for your WordPress website. Cloudflare's free CDN is easily integrated with WordPress thanks to the Cloudflare plugin and API, and you still retain access to all browser caching and security configuration settings through the Cloudflare dashboard.
If you found this guide helpful, or have any suggestions on how it could be improved, please let me know by leaving a note in the comments below!