Want to set up Cloudflare for WordPress?
Cloudflare is a free content delivery network (CDN) and security service. Once you connect your WordPress site to Cloudflare, you’ll be able to speed up your site with the CDN, secure it with SSL and bot protection, and implement some other useful features.
In this Cloudflare for WordPress tutorial, you’ll learn how to:
- Set up your WordPress site with Cloudflare
- Configure the official Cloudflare plugin
- Use Cloudflare to enable HTTPS to get the green checkmark
How does Cloudflare benefit your WordPress site?
If you’re not familiar with Cloudflare, here’s a rapid-fire list of some of the benefits of using Cloudflare for WordPress:
- CDN – Cloudflare’s content delivery network helps speed up your site by serving your static content from a huge network of global servers. Cloudflare is the most popular free CDN service.
- SSL – if your site doesn’t already have an SSL certificate, Cloudflare can help you use HTTPS on your WordPress site to get the green padlock in visitors’ browsers.
- DNS – Cloudflare is one of the fastest DNS providers, which can speed up your site’s time to first byte (TTFB).
- Security rules – Cloudflare lets you set up custom security rules to secure specific parts of your site, like your WordPress dashboard.
- DDoS protection – Cloudflare can help you protect against distributed denial of service (DDoS) attacks. It can also help you just generally filter out malicious traffic.
- Other performance benefits – Cloudflare can help you minify your code, enable Brotli compression, and implement other performance best practices.
How to set up Cloudflare for WordPress
Before you can start configuring the other options in Cloudflare, you need to connect your site to Cloudflare.
Cloudflare is what’s known as a reverse proxy service. You don’t really need to know what that means – but what you do need to know is this:
In order for Cloudflare to work, it needs to be able to manage your domain’s nameservers so that it can serve up cached content from its CDN and filter out malicious actors (if you enable the security features).
To do that, you’ll need to change your domain’s nameservers to Cloudflare, which is what most of the basic setup process entails.
Here’s how to do it…
1. Create your free Cloudflare account
To get started, go to Cloudflare and sign up.
On the next page, enter the domain name of the WordPress site that you want to use with Cloudflare and click Add site:
Next, you’ll be prompted to choose a plan. You can choose the Free plan for now, as it offers all the features most WordPress sites need:
2. Verify DNS records
Once you choose your plan, Cloudflare will scan your site’s DNS records.
If you’re not sure what’s going on here, don’t worry. The only thing you need to verify is that you see an orange cloud next to your main domain name (which you should see by default – no action required):
Then, click Continue.
3. Update nameservers to point towards Cloudflare
Now, Cloudflare will give you a new set of nameservers to replace your existing nameservers:
Nameservers are part of what you use to connect your domain name to your web hosting. When you switch to Cloudflare’s nameservers, Cloudflare is able to direct traffic to your website. It uses this power to:
- Filter out malicious traffic – it will send regular traffic to your website just like normal, while filtering out malicious actors before they can reach your site.
- Deliver static content from the closest server in its huge global network (the CDN part)
How you will change your nameservers depends on where you registered your domain name. Here are tutorials for some of the most common domain name registrars:
Here’s what it looks like at Namecheap…
First, here’s how my domain name was configured before connecting it to Cloudflare:
And here’s what it looks like after updating my nameservers to point towards Cloudflare:
Once you’ve changed your domain’s nameservers, go back to the Cloudflare interface and click the Done, check nameservers button.
Note: nameservers can take up to 24 hours to update, so you might need to wait a bit for Cloudflare to update. Don’t panic and think you made a mistake unless it’s been at least 24 hours.
4. Configure some basic settings
On the next page, you can configure some basic settings for how Cloudflare functions.
If you want to use SSL/HTTPS, you should select the Full option. This helps secure traffic at your site and also helps your site get the green padlock in visitors’ browsers.
Make sure to update your WordPress site to use HTTPS if you use Cloudflare’s Full SSL. You’ll likely need to, in part, update your WordPress site’s URLs.
You can also configure:
- Minification – shrink the size of your code. Many WordPress performance plugins enable minification. So if you’re already using a plugin that does that, you shouldn’t enable this in Cloudflare.
- Brotli – Brotli is a server-level compression alternative to Gzip. I recommend enabling it.
Once you’ve made your choices, click Done.
5. Verify that your connection is complete
Once you click Done, you might see a message telling you that you need to complete your nameserver setup:
Again – don’t panic. Nameservers can take up to 24 hours to update, so it’s totally normal to see this message for a few hours even if you did everything correctly.
Wait 30 minutes to an hour and then click the Re-check now button to see if the nameservers have updated.
Once they do, you should see a success message:
And that’s it! You just set up Cloudflare for WordPress.
How to configure the official Cloudflare WordPress plugin (optional)
Once you connect your WordPress site to Cloudflare, you can manage a number of features from the Cloudflare dashboard.
However, to make life easier for WordPress users, Cloudflare also offers its own official WordPress plugin.
You do not need to use this plugin to use Cloudflare with WordPress – you could do pretty much everything from the Cloudflare website instead.
However, the plugin helps with two things:
- It automatically configures some of the most important settings to optimize how your WordPress site works with Cloudflare.
- It lets you manage some important Cloudflare settings from your WordPress dashboard, rather than needing to use the Cloudflare website.
For those two reasons, I recommend completing this section to set up the Cloudflare WordPress plugin.
Here’s how to do it…
I. Install the Cloudflare plugin
The official Cloudflare plugin is listed at WordPress.org, so you can install it right from your WordPress dashboard by searching for “Cloudflare”:
II. Connect to Cloudflare account
Once you activate the plugin, go to Settings → Cloudflare and click the Sign in here option:
Enter the email address of your Cloudflare account, along with your Cloudflare API key (more on this below):
Then, click Save API Credentials.
III. Optimize Cloudflare settings
Once you activate the plugin, you’ll see an Optimize Cloudflare for WordPress option. Click Apply to automatically optimize your Cloudflare settings for WordPress:
And that’s it!
If you want, you can browse the rest of the settings in your WordPress dashboard (or the Cloudflare dashboard). However, there’s nothing else that you’re required to do.
Get started with Cloudflare for WordPress today
If you want to speed up and protect your WordPress site, Cloudflare is one of the best free services that you’ll find.
While the setup process requires a little technical effort with changing your domain’s nameservers, it’s a one-time thing and, going forward, your site will benefit without you raising a finger.
Again, the basic process to use Cloudflare for WordPress is to:
- Create your free Cloudflare account
- Change your domain’s nameservers to point to Cloudflare’s nameservers
- Install the official Cloudflare plugin to optimize the configuration
For some other ways to speed up your WordPress site, check out our guides to:
Do you still have any questions about using Cloudflare with WordPress? Let us know in the comments section!