How to Install Cloudflare on WordPress


Cloudflare is a company that provides content delivery network (CDN), DNS, DDoS protection, and security services. They have become very well known in the web performance industry for fast DNS lookup times and have a robust network of over 100 different data centers around the globe. They are backed by some of the biggest names in the industry such as Google, Microsoft, and Qualcomm. Some of their clients include Nasdaq, Digital Ocean, Zendesk, and Cisco.

1. Create Your Cloudflare Account

1: To get started, head on over to Cloudflare and create a new account:


2: Enter your site and click Add site.


3: Select a plan. We will choose the free plan; then click Confirm plan.


4: Confirm DNS Records And Modify If Needed

On the next page, you can choose which DNS records will be routed through Cloudflare and which will bypass Cloudflare’s network.

You don’t necessarily need to do anything in this interface.

In fact, the only thing that you absolutely need to verify is that you see the orange icon next to the record for your actual domain name:


5: Change your Nameservers

Now, in order for Cloudflare to act as a reverse proxy for your site, you need to make a few changes.

  1. Log in to your domain management panel.
  2. Replace your domain’s current nameservers with the ones provided by Cloudflare.

Here are a couple of links to documentation with different domain registrars on how to change them.

Once you make the changes at your registrar, head back to Cloudflare and click the Continue button to finish the process.



Remember, DNS-related changes can take as long as 24 hours to propagate globally, so you need to be patient.

Note: You can always check the changes using a free tool called “intodns”.

Here’s what it looks like with Namecheap:

2: How to Install Cloudflare on WordPress

If you’re using WordPress, Cloudflare provides a dedicated plugin that:

  • Lets you configure WordPress-optimized settings with one click
  • Adds WordPress-specific rulesets to the web application firewall (for paid plans)
  • Lets you automatically purge Cloudflare’s cache when you update your content

And the plugin also lets you change Cloudflare settings from inside your WordPress dashboard, rather than needing to use the Cloudflare website.


1: Activate Official WordPress Plugin

To set up the plugin, get started by installing and activating the Cloudflare plugin.


Then, go to Settings → Cloudflare in your WordPress dashboard and click the link to sign in:


On the next screen, you’ll need to enter your email address and API key:


To find your Cloudflare API key:

  • Go to the Cloudflare interface
  • Click on your email address in the top-right corner
  • Select My Profile
  • Scroll to the API Key section
  • Click View API Key next to the Global API Key option

Copy that value and paste it into the API Key box in your WordPress dashboard. The Global API Key grants full access to your Cloudflare account, so handle it like a password:


3: Enable Optimized WordPress Settings

Once you activate your Cloudflare account within the plugin, you’ll see a number of new options in the Cloudflare plugin interface.

One nice thing about the plugin is that it includes an option to Optimize Cloudflare for WordPress. When applied, Cloudflare will make a number of tweaks to your settings to, well…optimize your settings for WordPress. You can view a full list of those changes here.

While you’ll need to further customize things still, applying these settings is a good way to get started:


If you’re using a caching plugin like WP Rocket, you should also consult the developer’s documentation for potential specific integration settings. For example, WP Rocket will automatically configure things for you if you authenticate your Cloudflare account with the WP Rocket plugin.

4: More Advanced Cloudflare Configuration Options You Should Set Up

While the basic Cloudflare setup process is fairly simple, if you want to optimize your site, you’ll need to configure some additional settings in your Cloudflare dashboard, especially if you’re using WordPress.

Step 1: Configure Cloudflare SSL Settings

Cloudflare gives you multiple options for how you configure your SSL connection:

  • Off – no SSL active. This isn’t recommended.
  • Flexible – traffic is encrypted between your visitor and Cloudflare, but not between Cloudflare and your origin server.
  • Full – encrypted connection both between your visitor and Cloudflare and between Cloudflare and your origin server.
  • Full (strict) – the same as Full, with the added benefit that Cloudflare authenticates the origin server’s certificate.

Here’s which option to use:

  • If you’re able to install an SSL/TLS certificate at your host, use one of the Full options (depending on the type of certificate you have).
  • If you’re unable to install an SSL/TLS certificate at your host, use the Flexible option. It still adds some security and gets you the coveted “green padlock”.

To configure your SSL settings, go to the Crypto tab in your Cloudflare dashboard and use the drop-down:

Step 2: Set Up HTTPS And WordPress-Specific Page Rules

Page rules are a helpful feature that lets you:

  • Exclude specific URLs from Cloudflare
  • Force HTTPS on all your pages/content

By default, Cloudflare gives you 3 free page rules, though you can add additional page rules starting at $5 per month for 5 rules.

For most WordPress sites, though, 3 page rules are enough to get started. Here’s what you’ll want to use them for:

  • Force HTTPS
  • Exclude wp-admin from Cloudflare and secure it
  • Secure wp-login.php

The latter two rules are important to secure sensitive areas of your site and ensure that you don’t experience any issues with the WordPress dashboard.

To set up your page rules, go to the Page Rules tab in your Cloudflare dashboard. Then, click Create Page Rule:

Page Rule #1: Force HTTPS

To force site-wide HTTPS use, create a page rule for http://*yourdomain.com/* as follows:

Page Rule #2: Secure wp-admin And Exclude From Cache

Next, create a rule for yourdomain.com/wp-admin* as follows:

Page Rule #3: Secure wp-login.php

Finally, create a third page rule for yourdomain.com/wp-login.php* as follows:

Here’s a quick recap:

Rule #1:


Always use HTTPS

Rule #2:


Security Level: High

Rule #3:


Security Level: High, Cache Level: Bypass, Disable Apps, Disable Performance
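
One way to check the result of these rules from outside, as an added example that is not part of the original tutorial: the script inspects response headers for the forced HTTPS redirect, for Cloudflare proxying, and for cached responses on wp-admin and wp-login.php. It assumes both admin paths should bypass the cache; the sample responses are constructed, `yourdomain.com` is the tutorial's placeholder, and Security Level is not visible in headers, so it is not checked.

```python
# Added example: audit response headers against the page rules (samples are constructed).
import http.client
from urllib.parse import urlsplit

NOT_CACHED = {"BYPASS", "DYNAMIC"}  # cf-cache-status values: answered by the origin

def fetch(url):  # HEAD a URL on your own site without following redirects
    p = urlsplit(url)
    cls = http.client.HTTPSConnection if p.scheme == "https" else http.client.HTTPConnection
    conn = cls(p.netloc, timeout=10)
    conn.request("HEAD", p.path or "/")
    resp = conn.getresponse()
    return {"url": url, "status": resp.status, "headers": dict(resp.getheaders())}

def check(resp):
    """Return a finding for one response, or None if it matches the rules."""
    h = {k.lower(): v.strip() for k, v in resp["headers"].items()}
    p = urlsplit(resp["url"])
    if h.get("server", "").lower() != "cloudflare" and "cf-ray" not in h:
        return "not proxied by Cloudflare (record not proxied or nameservers not switched)"
    if p.scheme == "http":  # Rule #1: Always Use HTTPS
        loc = h.get("location", "")
        if resp["status"] not in (301, 302, 307, 308) or urlsplit(loc).scheme != "https":
            return f"plain HTTP not redirected to HTTPS (status {resp['status']})"
    elif p.path.startswith(("/wp-admin", "/wp-login.php")):  # Cache Level: Bypass
        state = h.get("cf-cache-status", "").upper()
        if state and state not in NOT_CACHED:  # header absent: nothing to judge
            return f"admin path handled by the cache (cf-cache-status: {state})"
    return None

def audit(responses):  # problematic URL -> finding
    return {r["url"]: f for r in responses if (f := check(r))}

# Constructed capture; on a live site use [fetch(u) for u in urls] instead.
SAMPLE = [
    {"url": "http://yourdomain.com/", "status": 301,
     "headers": {"Server": "cloudflare", "Location": "https://yourdomain.com/"}},
    {"url": "http://yourdomain.com/blog", "status": 200,
     "headers": {"Server": "cloudflare", "CF-Cache-Status": "DYNAMIC"}},
    {"url": "https://yourdomain.com/wp-admin/", "status": 302,
     "headers": {"Server": "cloudflare", "CF-Cache-Status": "BYPASS"}},
    {"url": "https://yourdomain.com/wp-login.php", "status": 200,
     "headers": {"CF-RAY": "constructed-ray-id", "CF-Cache-Status": "HIT"}},
    {"url": "https://yourdomain.com/wp-admin/admin-ajax.php", "status": 200,
     "headers": {"Server": "nginx"}},
]

if __name__ == "__main__":
    print("\n".join(f"{u}: {f}" for u, f in audit(SAMPLE).items()))
```
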

If you’re willing to purchase additional page rules (starting at $5 per month for 5 page rules), you can also do things like:

Step 3: Consider Using 2-Factor Authentication For Your Cloudflare Account

Because you can manage DNS records directly from your Cloudflare account (as well as a plethora of other sensitive settings), you need to pay serious attention to preventing unauthorized access to your Cloudflare account.

Thankfully, Cloudflare offers optional 2-factor authentication via:

  • Google Auth
  • Authy
  • TOTP

To configure it, go to My Profile and select your desired option:

5: How to Clear Cloudflare Cache

Running into problems? There will be times when you need to clear (purge) Cloudflare cache. There are two easy ways to do this.

Step 1 – Clear Cloudflare Cache in WordPress Plugin

If you have the Cloudflare WordPress plugin installed, you can purge the cache from “Settings → Cloudflare.”


Step 2 – Clear Cloudflare Cache from Control Panel

Your other option is to clear Cloudflare cache from their control panel. To do so, click into the “Caching” tab and then on “Purge Everything.”


Once you have everything up and running smoothly, it’s better to only purge the cache of individual files. Cloudflare provides an easy way to do this.


Note: If you purge everything, you may temporarily degrade performance on your website as assets have to re-cache. However, sometimes this is unavoidable, especially if you aren’t sure exactly what script or asset on your site needs to be refreshed.

Other Helpful Features + Reasons To Consider Cloudflare Pro

Beyond the core features above, Cloudflare has a number of other features that you might want to consider:

  • Always Online – FREE – if your site goes down, this feature serves up a cached version so visitors can still access it. Configure in Caching tab.
  • Rate Limiting – Billed on usage (first 10,000 requests are free) – protect your site by blocking certain IP addresses that fit specified rules. Configure in Firewall.
  • Argo – Billed on usage – delivers responses to users more quickly by using optimized routes across the Cloudflare network.
  • I’m Under Attack Mode – FREE – helps protect your site during a DDoS attempt. Enable in your main dashboard.
  • Web Application Firewall – PAID – includes specific rulesets for WordPress sites. Configure in Firewall.
  • Polish – PAID – automatically optimizes images, including WebP images. Configure in Speed.

If you want access to features like the Web Application Firewall and image optimization, Cloudflare’s paid plans start at $20 per month.

Final Thoughts On Cloudflare For WordPress Sites

Cloudflare offers an easy-to-implement way to both secure and speed up your WordPress website.

You can get started in just a few minutes by adding your site and pointing your nameservers to Cloudflare. After that, you’ll want to make some further tweaks by setting up SSL and page rules, as well as considering whether or not you want access to Cloudflare’s premium settings.

Give it a try and see if it improves your site’s page load times!

About the author

Jamie Vadym

Founder of Error Hat. Expertise in Virtualization, Cloud Computing, Linux/UNIX systems, Programming, Storage systems, HA, Server Clustering, etc.
