Give Your WordPress Site A Security And Performance Boost With CloudFlare

Give Your WordPress Site A Security And Performance Boost With CloudFlare

At WPMU DEV we make extensive use of the Cloudflare CDN to improve our websites’ performance and security.

But these benefits are not just the domain of larger sites. Implementing Cloudflare on your site is quick, easy and can be done without making any changes to your WordPress site.

And it’s free.

Composite Weekend WordPress Project image
Setting up CloudFlare for your site is quick and easy and brings potential massive benefits


A CDN (content delivery network) is primarily designed for speeding up the delivery of static content such as images, video, documents and CSS. It does this by storing a copy of those assets on a network of servers around the world and then delivering that asset from the server that is closest to the user making the request.

Some CDNs, such as Amazon, require you to perform the initial load and then use the CDN’s url when referencing the asset. The CDN will then determine from the request which server to use to actually service the request.

Other CDNs, such as Cloudflare, operate further upstream at the DNS level. Effectively, you route all your traffic through Cloudflare (by changing your nameservers to their nameservers), it analyses each request, serves those that it has an asset for (it grabs the assets in an initial scan) and passes the others through to your site (mostly your dynamic content such as posts and pages).

The DNS approach has several distinct advantages:

  • Quick and easy to set up – it’s just a matter of changing your nameservers
  • Easily reversed – just change your nameservers back to your hosting provider to remove Cloudflare
  • Improved security – Cloudflare gets to look at every single request and can automatically filter out those that are from known suspicious IP addresses
  • No changes to publishing process

Add that list the fact that Cloudflare has a free tier in its product list then using Cloudflare for your WordPress site is pretty compelling.

Setting Up Cloudflare From CPanel

You may actually find that installing Cloudflare is as simple as filling in a single form as many hosting providers have support for Cloudflare built into CPanel.

Log into your CPanel and look for Cloudflare:

screengrab of a CPanel screen showing a link to CloudFlare
You might find you have CloudFlare support available in your CPanel

Clicking on the CloudFlare icon will take you to a single form.

Setting up CloudFlare in CPanel takes less time than reading the blurb
Setting up CloudFlare in CPanel takes less time than reading the blurb

Enter your email address and a CloudFlare account will be configured for you; you can then select which sites you want use CloudFlare with.

Setting Up Via The CloudFlare Website

If your hosting provider doesn’t have CloudFlare support in CPanel then you’ll need to set up your CloudFlare account on the CloudFlare website.

  1. Go to cloudflare.com
  2. Click on Sign Up and complete the user registration details
  3. Enter the URL of the site you wish to use CloudFlare with. CloudFlare will then spend around 30 to 40 seconds determining your site’s DNS entries
  4. Once the scan is complete you get to review all the DNS settings that CloudFlare found. The most important item to notice is that CloudFlare will create a new ftp sub-domain for ftp access to the site
  5. Choose your initial settings – just keep them as suggested if you are unsure and CloudFlare will return with new nameserver settings:
Screengrab of CloudFlare's nameserver settgins
CloudFlare handles all your DNS requests, so you need to change your nameserver settings

To complete the set up, you need to change the nameserver settings for your site. Go to your domain registrar (which may or may not be your hosting provider) and add the CloudFlare nameservers.

It will take time for the nameserver change to take affect (up to 48 hours) but when it does, all requests for your site will pass through CloudFlare enabling it to provide the security filtering and to serve requests for static files (up to 512MB in size).

The CloudFlare WordPress Plugin

Whilst CloudFlare will now be fully set up for your site, you might want to consider installing the CloudFlare plugin from the WordPress repository.

The plugin will ensure that originating IP addresses are retained for commenters, etc. (otherwise only CloudFlare’s IP address will be shown) and allows you to notify CloudFlare of spam creating IP addresses with the click of a button.

Nothing To Lose?

Setting up CloudFlare for your WordPress is quick, easy and straight forward to reverse if you decide you don’t want to continue with the service.

Considering the cost and the potential benefits that CloudFlare brings there seems to be very little reason not to at least give it serious consideration.

Do you use CloudFlare? What has your experience been?