Cloudflare WordPress Plugin
Cloudflare’s free plugin for WordPress accelerates page load speeds, improves SEO, and protects against DDoS attacks and WordPress-specific vulnerabilities.
The WordPress plugin for Cloudflare offers all of the benefits of Cloudflare, with a one-click installation of settings specifically developed for the WordPress platform.
Benefits of Cloudflare’s WordPress Plugin
Automatic Platform Optimization (APO)
Take your WordPress site’s performance to the next level with Automatic Platform Optimizations (APO). APO allows Cloudflare to serve your entire WordPress site from its edge network ensuring consistent, fast performance for visitors no matter where they are. Find out more in our announcement blog.
Web Application Firewall (WAF) Rulesets
Cloudflare’s web application firewall (WAF), available on all of Cloudflare’s paid plans, has built-in rulesets specifically built to mitigate against WordPress threats and vulnerabilities. Cloudflare’s WAF provides confidence that your website is always protected, even against the latest threats and vulnerabilities targeting WordPress websites.
Automatic Cache Purge on Website Updates
Cloudflare’s plugin for WordPress automatically refreshes the Cloudflare cache upon making changes to your website appearance. This means that you can focus on your website, while we take care of ensuring that the freshest content is always available to your visitors.
SSL For WordPress
Cloudflare offers free SSL certificates for WordPress users. With SSL for WordPress you can secure data being transferred between your website and your visitors. Secure websites are looked positively upon by both users and search engines.
Improving SEO For WordPress
Cloudflare’s plugin improves SEO for WordPress thanks to performance and security improvements. Google has announced that they prioritize fast-loading pages as well as pages using security features like SSL in their search algorithm.
DDoS Protection For WordPress
Distributed denial-of-service (DDOS) attacks are among the most common threats to websites. Enabling Cloudflare’s free DDoS protection for WordPress uses tools like rate limiting to protect your website from attackers.
Mixed Content Fixes with Automatic HTTPS Rewrites
Automatic HTTPS Rewrites safely eliminates mixed content issues on your WordPress website, while enhancing performance and security by rewriting insecure URLs dynamically from known(secure) hosts to their secure counterpart. By enforcing a secure connection, Automatic HTTPS Rewrites enables your WordPress website to take advantage of the latest security standards and web optimization features only available over HTTPS. The Automatic HTTPS Rewrites toggle can be found in the dashboard of Cloudflare’s plugin for WordPress.
Detailed Explanation of How This Works
Automatic Platform Optimization puts your website into Cloudflare’s network that is within 10 milliseconds of 99% of the Internet-connected population in the developed world, all without having to change your existing hosting provider.
Dynamic Caching
Powered by the Cloudflare's Edge
Automatic Platform Optimization serves both static and dynamic content from Cloudflare edge reducing costly round trips to the origin and server processing time. All the communication occurs between the user’s device and Cloudflare edge and
Automatic Platform Optimization bypasses the cache on standard WordPress and WooCommerce cookies for authenticated users. This ensures customized content for a specific user is only visible to that user. Fonts are rehosted and served from our cache.
Get started with Cloudflare for WordPress today
If you want to speed up and protect your WordPress site, Cloudflare is one of the best free services that you’ll find. While the setup process requires a little technical effort with changing your domain’s nameservers, it’s a one-time thing and, going forward, your site will benefit without you raising a finger.
The basic process to use Cloudflare for WordPress is to:
- Create your free Cloudflare account
- Change your domain’s nameservers to point to Cloudflare’s nameservers
- Install the official Cloudflare plugin to optimize the configuration
Get started with Cloudflare for WordPress today
If you want to speed up and protect your WordPress site, Cloudflare is one of the best free services that you’ll find. While the setup process requires a little technical effort with changing your domain’s nameservers, it’s a one-time thing and, going forward, your site will benefit without you raising a finger.
The basic process to use Cloudflare for WordPress is to:
- Create your free Cloudflare account
- Change your domain’s nameservers to point to Cloudflare’s nameservers
- Install the official Cloudflare plugin to optimize the configuration
I. Install the Cloudflare plugin
The official Cloudflare plugin is listed at WordPress.org, so you can install it right from your WordPress dashboard by searching for “Cloudflare”:
II. Connect to Cloudflare account
Once you activate the plugin, go to Settings → Cloudflare and click the Sign in here option:
Enter the email address of your Cloudflare account, along with your Cloudflare API key (more on this below):
Then, click Save API Credentials.
III. Optimize Cloudflare settings
Once you activate the plugin, you’ll see an Optimize Cloudflare for WordPress option. Click Apply to automatically optimize your Cloudflare settings for WordPress:
And that’s it!
If you want, you can browse the rest of the settings in your WordPress dashboard (or the Cloudflare dashboard). However, there’s nothing else that you’re required to do.
FAQ
Yes, on install and activation of the plugin, first time users will be asked to enter their email address (used to sign-up for an account at cloudflare.com) and either an API Token or their API key. This is needed to support all the features offered by the plugin.
Yes, Cloudflare works with, and helps speed up your site even more, if you have Varnish enabled.
APO works best when the WordPress plugin is used. We do not recommend using APO without the plugin installed. If you face issues with Cloudflare detecting the plugin then follow these steps:
1. Go to Cloudflare WordPress plugin
2. Disable APO in the card
3. Enable APO in the card (will set proper settings for APO feature)
4. Clear any server cache used via other plugins (WP Rocket being an example)
5. Verify that your origin starts serving response header “cf-edge-cache: cache,platform=wordpress”
You can read more about APO with WordPress here
To find your Cloudflare API key:
- Go to the Cloudflare dashboard
- Click on your account icon in the top-right corner
- Select My Profile
- Click on the API Tokens tab
- Click View next to your Global API Key (you’ll need to enter your password to view it)
- Copy this value and add it in the plugin’s settings in your WordPress dashboard
