Using Cloudflare with WordPress – A Simple Starter’s Guide


When you want to make your website load more quickly for visitors and more secure against malicious hacking efforts, Cloudfare’s global content delivery network (CDN) offers a simple solution.

Thankfully, it’s easy to run Cloudflare on a WordPress website using the Cloudflare WordPress plugin.

Here are the steps you need to follow to start using Cloudflare with WordPress:

  • Step 1: Sign up for Cloudflare
  • Step 2: Install the Cloudflare WordPress plugin
  • Step 3: Login to the Cloudflare API
  • Step 4: Configure Cloudflare settings
  • Step 5: Set browser cache settings
  • Step 6: Configure additional Cloudflare settings

Step 1: Sign Up For Cloudflare

Before installing Cloudflare on your WordPress website, you first need to sign up for a Cloudflare account. Visit Cloudflare and click on 'Sign Up' in the upper right-hand corner.

During the setup process, you will be prompted to enter the address of your website. When Cloudflare asks to query your site’s  Domain Name System (DNS) records, simply click 'Next'.

Cloudflare WordPress add site

At this point, you will need to choose a plan. Cloudflare offers free accounts that include the use of their global CDN, offer defense against DDoS attacks, and allow users to set browser caching rules for up to three web pages.

Paid accounts start at $20/month and offer caching rules for additional pages and a web application firewall. However, using Cloudflare with WooCommerce, WordPress’s integrated e-commerce platform, will need a business plan that starts at $200/month as this plan level offers the ability to cache anonymous page views using a cache that can bypass cookie functionalities.

Cloudflare WordPress Pricing

After confirming your plan, Cloudflare will ask you to verify your DNS address. While this page can be overwhelming, all you need to do is to verify that there is an orange symbol next to the primary domain name of your website. If this is the case, click 'Continue'.

Cloudflare WordPress DNS

Next, you’ll need to update your domain’s nameservers to point to Cloudflare’s servers so that Cloudflare can manage your site's traffic at the DNS level. Doing this requires logging into the host you purchased your domain name from and making the changes as Cloudflare instructs. If you are not able to find where to change the nameservers with your host, you may need to call your host for support.

Cloudflare WordPress Nameservers

Note that changes to the nameserver may take up to 24 hours to take effect, during which time you can configure your Cloudflare account but will not see any changes to the caching or security of your WordPress site. However, you also should not experience any downtime on your website while this change takes place.

Step 2. Install The Cloudflare WordPress Plugin

Once you have an active Cloudflare account, install and activate the Cloudflare WordPress plugin. You can find the plugin in the WordPress plugin marketplace by simply searching 'Cloudflare'. Once you locate it, click 'Install Now', then click 'Activate'.

Step 3. Login To The Cloudflare API

After the Cloudflare plugin is activated, you’ll be prompted to log into the Cloudflare API. For this, you’ll need to enter the email you used to sign up for Cloudflare as well as an API key. The API key can be found in your Cloudflare dashboard under My 'Profile > Account > API Key'. Find the Global API Key and click 'View API Key' to copy the key into the login prompt on WordPress.

Cloudflare WordPress API Key

Step 4. Configure Cloudflare Settings

On the main page of the Cloudflare plugin, click the 'Apply' button to apply Cloudflare’s optimized default settings for your website. These settings affect how the CDN and basic security measures are implemented.

Cloudflare WordPress Plugin settings

In addition, click 'Enable' to enable automatic caching for your site. This ensures that Cloudflare will purge and regenerate its cache of your site any time you make changes to the appearance of your site. When needed, the cache can be manually purged by clicking 'Purge Cache'.

Step 5. Set Browser Cache Expiration

In your Cloudflare dashboard, navigate to the 'Caching' menu to set rules for browser caching and cache expirations. Caching is designed to speed up the rate at which your website loads for visitors, but also increases the number of files that your visitors’ browsers are holding.

Cloudflare WordPress Caching

First, choose your desired browser cache expiration. This is how long your visitors’ browsers will be instructed to keep versions of your website saved for fast loading. Typically, it is recommended to set this to 'Respect Existing Headers'.

Next, choose whether Cloudflare should instruct browsers to load the cached version of your website in case your host’s servers go down. While this is not necessary, it is recommended to enable 'Always Online'.

Step 6. Configure Additional Cloudflare Settings

Cloudflare offers a number of additional settings for the security and visitor experience of your WordPress website. Most notable are the page rules settings and web application firewall, although the latter is only available to paid Cloudflare users.

Any settings that are changed in your Cloudflare dashboard will be reflected on your WordPress site as long as the Cloudflare WordPress plugin remains activated and your global API key remains valid.

Advantages of Cloudflare

By following the steps of the tutorial, you should have your WordPress page improved in no time. These are the main advantages of using Cloudflare:

  • Cached content: Cloudflare can instruct browsers about how to cache a website’s pages and content, which improves page loading speeds, reduces bandwidth use, and cuts down CPU use over your website’s server.
  • Server redundancy: Cloudflare caches your website over a globally distributed network of servers, meaning that a cache of your website will remain online even if your server goes down.
  • Security: Cloudflare helps defend against malicious hacking, and especially distributed denial of service (DDoS) attacks, by offering firewalls and the option to challenge access to a website.

When you add Cloudflare to your website, traffic to your website is sourced through Cloudflare’s network of servers. Still, Cloudflare doesn’t fully replace a traditional website host, so you’ll still need an existing domain host to use Cloudflare and WordPress together.

Thankfully, most major domain hosts have Cloudflare’s software already installed on their servers and some even offer discounted Cloudflare accounts.

Defense Against DDoS Attacks

One of the functions that is available for all users from the Cloudflare WordPress plugin is 'I’m Under Attack' mode. This mode is available as a first-step response when you believe your website is the target of a distributed denial of service (DDoS) attack.

When 'I’m Under Attack' mode is enabled on the plugin, visitors to your site will have to wait approximately five seconds at an intermediary page while Cloudflare analyzes the traffic to confirm that it is coming from a human user as opposed to a robot. Importantly, visitors to your site will need to have both JavaScript and cookies enabled in order to pass this check.

'I’m Under Attack' mode can be disabled with a click on the button in the Cloudflare plugin page.

Final Thoughts On Cloudflare And WordPress

In an age when speed and security are at a premium, it is increasingly important to use a CDN like Cloudflare for your WordPress website. Cloudflare's free CDN is easily integrated with WordPress thanks to the Cloudflare plugin and API, and you still retain access to all browser caching and security configuration settings through the Cloudflare dashboard.

If you found this guide helpful, or have any suggestions on how it could be improved, please let me know by leaving a note in the comments below!

An experienced content professional with a creative mind. If I'm not writing, you can probably find me in the backyard playing with dogs or at some weird art show.
Leave a Comment

Get new blog posts by email: