If you want your website to load more quickly and stay secured against malicious attacks, one simple solution could be using Cloudfare’s global Content Delivery Network (CDN).
Briefly explained, Cloudflare is a worldwide network of data centers where your website's content is stored. Cloudflare serves the website content from a data center closest to the user who wants to visit the website. This significantly improves your website's load time.
Additionally, Cloudflare blocks threats based on a number of factors and protects your site from all the nasties - hackers, spam, DDoS attacks. This adds another safety layer to your website.
Fortunately, it’s easy to run Cloudflare on a WordPress website using the Cloudflare WordPress plugin.
Here are the steps you need to follow to start using Cloudflare with WordPress:
- Step 1: Sign up for Cloudflare
- Step 2: Install the Cloudflare plugin for WordPress
- Step 3: Login to the Cloudflare API
- Step 4: Configure Cloudflare settings
- Step 5: Set browser cache settings
- Step 6: Configure additional Cloudflare settings
Step 1: Sign Up For Cloudflare
Before installing Cloudflare on your WordPress website, you first need to sign up for a Cloudflare account. Visit Cloudflare and click 'Sign Up' in the upper right-hand corner.
During the setup process, you will be prompted to enter the address of your website. When Cloudflare asks to query your site’s Domain Name System (DNS) records, simply click 'Next'.
At this point, you will need to choose a plan.
Cloudflare offers free accounts that allow using their global CDN, defense against DDoS attacks, and setting browser caching rules for up to 3 web pages.
Paid accounts start at $20/month and offer caching rules for additional pages and a web application firewall. You can always explore the features and benefits of Cloudflare before deciding upon a plan.
After you choose your plan, Cloudflare will ask you to verify your DNS address.
While this may seem confusing, all you need to do is to verify that there is an orange symbol next to the primary domain name of your website. If this is the case, click 'Continue'.
Next, you’ll need to update your domain’s nameservers to point to Cloudflare’s servers. This is necessary so that your website's traffic could be routed through Cloudflare's network.
To update the nameservers, log in to the panel of the hosting provider from which you purchased your domain name. Then make the changes following Cloudflare's instructions. If you cannot find the option to change nameservers in your hosting provider's system, you may need to contact the provider's support team.
Note that changes to the nameserver may take up to 24 hours to take effect. During this time, you can configure your Cloudflare account but will not see any changes to the caching or security of your WordPress site. However, you also should not experience any downtime on your website while this change takes place.
Step 2. Install The Cloudflare WordPress Plugin
Once you have an active Cloudflare account, install and activate the Cloudflare WordPress plugin.
Note that this is not mandatory - you can use the Cloudflare dashboard to make changes. But the WordPress Cloudflare plugin is recommended as a convenient way to access the settings through WordPress.
You can find the plugin by choosing 'Plugins' in your WordPress dashboard. Search for 'Cloudflare' and when you locate it, click 'Install Now'.
Once the plugin is installed, click 'Activate Plugin'. You can then manage the installed and activated plugin through the Plugins menu.
Step 3. Login To The Cloudflare API
After the Cloudflare plugin is activated, you’ll be prompted to log in to the Cloudflare API. To do this, you’ll need to enter the email you used to sign up for Cloudflare as well as an API key.
The API key can be found in your Cloudflare dashboard under 'My Profile > Account > API Key'. Find the 'Global API Key' and click 'View API Key', then copy the key and paste it into the login prompt on WordPress.
Step 4. Configure Cloudflare Settings
On the main page of the Cloudflare plugin, click the 'Apply' button to apply Cloudflare’s default settings for your website. These settings affect how the CDN and basic security measures are implemented and it is advised to use them because they are optimized for efficient performance.
In addition, click 'Enable' to enable automatic caching for your site. It is one of the effective ways to speed up your WordPress website.
If automatic caching is enabled, Cloudflare will purge and renew its cache of your site any time you change your website's appearance. If necessary, the cache can be manually purged by clicking 'Purge Cache'.
Step 5. Set Browser Cache Expiration
In your Cloudflare dashboard, navigate to the 'Caching' menu to set rules for browser caching and cache expirations.
Caching is designed to speed up the rate at which your website loads for visitors. However, if the cache is not updated, visitors might see an old version of your site or some functionalities might not work if you make any modifications. To avoid these issues, you need to set the expiration.
First, choose your desired browser cache expiration. This determines how long your visitors’ browsers will be instructed to keep versions of your website saved for fast loading.
Typically, it is recommended to set this to 'Respect Existing Headers'. This means that Cloudflare will update the cache according to your website's individual policies.
Next, decide if you want to enable 'Always Online'. If you do, Cloudflare will instruct browsers to load the cached version of your website in case your host’s servers go down. While this is not necessary, it is recommended to use this setting.
Step 6. Configure Additional Cloudflare Settings
Cloudflare offers a number of additional settings for the enhanced security and user experience of your WordPress website. Most notable are the page rules settings and web application firewall, although the latter is only available with paid Cloudflare plans.
Any settings that are changed in your Cloudflare dashboard will be reflected on your WordPress site as long as the Cloudflare WordPress plugin remains activated and your global API key remains valid.
Best Cloudflare Settings for WordPress
It is recommended to apply the default Cloudflare settings because they are optimized for your WordPress website. There are also additional settings that you may want to try out. You can access these settings through your Cloudflare account page.
"I’m Under Attack" mode. If you are ever under a DDoS attack and have this mode enabled, your visitors will be shown an interstitial page for a couple of seconds. Meanwhile, traffic will be analyzed to confirm the legitimacy of the visitor.
You can enable this mode in your Cloudflare account. Click the Firewall app in the top menu > choose Settings tab > under Security Level, choose I'm Under Attack! from the dropdown menu.
Enable Rocket Loader in your Cloudflare dashboard: go to the Speed tab, scroll down to 'Rocket Loader' and toggle the feature On.
Auto Minify is one of the default settings, but in case you decided not to use them and still want to enable Auto Minify, go to the 'Speed' tab in Cloudflare's dashboard.
Polish. If you decide to use Polish, the images on your domain will be optimized for faster load time. You can choose between Lossless or Lossy, with the latter option compressing images even further. The Lossy option is suitable for most pages, unless you absolutely need your pictures to be extra high-quality.
Note that Polish, as well as other image optimization settings, is not available with the free plan.
Final Thoughts On Cloudflare And WordPress
Cloudflare's Content Delivery Network helps increase the speed and security of WordPress websites. It is available for free and is easy to connect to WordPress. When connected, Cloudflare can be integrated as a WordPress plugin or configured through the Cloudflare dashboard.
If you found our guide helpful or have any suggestions on how it could be improved, please let me know by leaving a note in the comments below!