Yes, WordPress with Cloudflare is a great combination. It help you to improve your WordPress site speed and security!
Over the last few years, Cloudflare’s popularity as a DNS (Domain Name Servers) company has grown. But in addition to their DNS activity, they provide services like DDoS attack protection, CDN (Content Delivery Network), Firewalls, WordPress optimization, Domain registration, … a lot of service addons, all of them related to the fact of being the first chain-link in charge of serving a web page.
Table of Contents
- How does Cloudflare work?
- What does Cloudflare Proxy Mode mean?
- Cloudflare is more than a CDN
- Improving the speed and security of WordPress with Cloudflare
- How to use Cloudflare with WordPress?
- Tips when using Cloudflare with WordPress
- Cloudflare plugins for your WordPress
- Conclusion
How does Cloudflare work?
The first step in the tasks sequence involved in serving a web page is the name resolution.
When, in your browser, you type in an address, for instance, https://wetopi.com, the first thing the browser does is to ask a Name Server where is served the wetopi.com page.
Here is where Cloudflare comes in.
When Cloudflare acts as DNS, it answers with the webserver address. So far, there is no difference with other DNS such as those provided by a domain registrar or hosting company. But,
What changes is How
Cloudflare can respond with a DNS from more than 250 geographical points. Thanks to this, visitors get the answer from a DNS close to their location. And closer means less latency, thus more speed.
What does Cloudflare Proxy Mode mean?
Here comes the big difference with other DNS. Cloudflare takes advantage and acts as a proxy, that is, it gets ahead of your server. But there is more, Cloudflare takes advantage of its entire distributed network of servers, so it can also act as a CDN.
Cloudflare is more than a CDN
When you enable Cloudflare’s proxy mode, your website’s content requests go through Cloudflare’s servers first, and this is where Cloudflare takes advantage of and allows you to add other features and services.
Improving the speed and security of WordPress with Cloudflare
Cloudflare’s DNS service is free in their “Basic” plan. The best part is that you also get access to almost all their services in their “simple” or “low-advanced” mode.
Here you have a shortlist of services that will help you improve WordPress speed and also increase security:
SSL security
You can add HTTPS to your site, even without having certificates on your own server.
You can add HTTPS security to your site, even without having certificates on your own server. The good thing is that Cloudflare offers you SSL service with the last TLS version, the HTTP/2 TLS 1.3 protocol.
At wetopi, we have used TLS 1.3 since its inception. We are aware of the importance of using modern protocols, especially when they have an impact on speed and security. In this post we show you in detail how to get better performance and security for WordPress with TLS 1.3
Firewall
A Firewall with filters and rules, detection of Bots, blocking of DDoS attacks.
Of course, if you want to have fine-grained control, you have to upgrade to a payment plan.
Protect content on your site
In the “Scrape Shield” section we can activate protections such as e-mail address obfuscation, protect against hotlinking, for example, to protect images against links outside our website.
Speed optimization
By default, it reduces the size of your content with the help of compression techniques. It even adds modern protocols like Brotli (with wetopi, you already have Brotli by default).
To improve WordPress speed, one of the paid features you can add to your Free plan is APO: Automatic Optimization for WordPress ($ 5 / month).
Roughly speaking, APO generates static versions of your webpages and uses the Cloudflare Workers to serve them from its distributed nodes around the globe. It is as if it were an “extended” CDN capable of serving not only images and javascript but even your optimized Html.
APO uses a WordPress plugin that transparently manages things such as cleaning the cache every time you update the content of a page.
Consider APO for WordPress when some of these cases resonate:
- You have a poorly optimized WordPress site, and you cannot afford an optimization.
- Your site serves an international audience.
- Your website has an important base of pages that can be static.
- You have high TTFB (Time to First Byte) (Let say a TTFB greater than 1 second).
There is a good APO study in this article: https://developers.Cloudflare.com/automatic-platform- optimization /
Cache / CDN
Cloudflare is what we would call a CDN Pull. That is, when a user accesses your website, the first request goes to your server, then Cloudflare caches the images, JS, CSS, and even the first HTML request (the first Byte, to serve the so-called TTFB), and It does it in the node closest to the region where your visitor is.
The Cloudflare Free cache already provides a substantial improvement in response time. Things are not so good when we talk about permanence and content spread on remote nodes.
Here comes an interesting option: Argo. Another Pay-Per-Use option that you will find in the “Traffic” section:
Argo is an advanced CDN option they call “Tiered Cache”. Basically what it does is intelligently bring the contents of your website to the final consumption nodes.
In the past, this option was only accessible in paid plans, but now you can activate it in your free account. Argo has a minimum cost of $ 5/month for the first GB.
You can see the pricing details at https: //support.Cloudflare. com / hc / en-us / articles / 115000224192-Billing-for-Argo
At wetopi, we have been using Argo for a long time and the result is very good:
How to use Cloudflare with WordPress?
Step 1:
If you don’t have a Cloudflare account yet, visit the Cloudflare website and sign up for a free account.
Step 2:
Now you need to tell Cloudflare that you want to manage your website.
Click on the “Add site” option that you will find in the top menu bar of Cloudflare.
In this step what you are doing is preparing Cloudflare to start managing your domain’s DNS.
Cloudflare will then ask you to select a plan. We recommend starting with a free plan that works well for most users. Choose the “Free” option and click “Continue”.
Cloudflare will immediately scan all possible zone configurations that the domain may have defined. If you already had the domain name up and running, go carefully and compare one by one the zone definitions that you have in your current DNS manager. Cloudflare is not always able to find out all defined zones.
When you click Continue, Cloudflare will indicate the two NS (Name Servers) that will manage the DNS of your domain.
Step 3:
This step is important.
To change the NS, you have to go to your current DNS manager, usually, your domain registrar.
Attention do not confuse the DNS or NS (Name Servers) with the “DNS Zones” or “DNS Record”.
In our case the registrar is Mrdomain (Dondominio) and the NS change section is designated as DNS:
After saving the changes we will have to wait. Name server updates can take 24 hours to process. You will receive an email when your site is live using Cloudflare Name Servrs.
You don’t have to worry about waiting. When you change nameservers there is no downtime
Tips when using Cloudflare with WordPress
1 If you are making changes to your WordPress, activate development mode
This disables Cloudflare’s cache and allows you to instantly see the changes.
2 In case of any errors or strange behavior, clear cache
First of all, clear your WordPress cache (if that’s the case) and then Cloudflare’s. You have a quick link: Purge cache.
3 Prepare for DDoS attacks
At wetopi, we are ready for massive DDoS attacks. But WordPress has a well-known weak point, “heavy uncacheable pages”: attackers can sneakily bypass WordPress caches and target heavy pages, leaving your server without resources without you and our DDoS firewalls barely knowing it.
Here Cloudflare is of great help when working in proxy mode.
Always have the credentials to access the Cloudflare panel at hand . You’ll find the “Under Attack Mode” switch on the quick access menu.
Cloudflare plugins for your WordPress
If you want to “automate” the previous cache management, you can combine a few WordPress plugins with Cloudflare to facilitate management operations from your admin dashboard.
From wetopi we do not consider it strictly necessary. We prefer that you be clear about the precautions and always have the Cloudflare panel at hand.
If you are looking to improve the speed of WordPress, always try to use the minimum essential plugins.
Cloudflare has afresh new management panel and very good online help.
Attention, there is a free plugin that deserves our attention “WP Cloudflare Super Page Cache“. This WordPress extension imitates the previously described paid APO functionality and can be a good alternative and free option
Conclusion
From wetopi, we strongly recommend the adoption of Cloudflare with your WordPress site. The specialization of DNS services is an important step towards the professionalization of a website.
DNS management is one of those “size matters” services. The move to Cloudflare can be a bit overwhelming, especially given the number of options available, but moving to an Anycast DNS network of more than 250 nodes is worth it in and of itself. If you also have a performance and security improvement against DDoS attacks, you couldn’t ask for more.
We are techies passionate about WordPress. With wetopi, a Managed WordPress Hosting, we want to minimize the friction that every professional faces when working and hosting WordPress projects.
Not a wetopi user?
Free full performance servers for your development and test.
No credit card required.