Using Cloudflare with WordPress


With tens of millions of sites on the internet using Wordpress, many WordPress sites have decided to use Cloudflare to make their site faster with our free CDN and to make the site more secure with our security. Since we get a lot of questions about WordPress online and in our support channel,  as well as a lot of common areas of confusion, we’ll cover recommended first steps in an easy to read article. All of these steps take very little time to do complete, and any WordPress user should be able to do most of the steps in a few minutes or less.

The article starts from the perspective that you have already followed the process to create your Cloudflare account and added your website to Cloudflare. You can also learn more in Cloudflare 101 section.

Step #0 - Preparing the Server

If you have control of your web server, here are some tweaks that will make your life a little easier, if you want don’t have control of your web server feel free to skip this section.

On an Apache server, it is a great idea to install the latest version of Mod_Cloudflare. This will ensure that Cloudflare works transparently by ensuring your IP Address is logged correctly in both Apache logs and web applications. In addition to this, Mod_Cloudflare will now also ensure that Flexible SSL will work transparently. In order to install Mod_Cloudflare please see our resources page:

In addition to this, be sure not to rate limit or block Cloudflare IPs, you can find a list of Cloudflare IPs here:

Step #1 - Install the WordPress Plugin

The official Cloudflare plugin for WordPress allows you to ensure your site is running optimally on the WordPress platform:

In order to install this plugin you will first need to login to your WordPress dashboard, go to the plugins section, search for ‘Cloudflare’, and and install the WordPress plugin.

After the plugin has been installed click the “Activate Plugin” button. You can then go ahead and configure the plugin by going to Settings and clicking the Cloudflare menu option:

You will then be greeted by the login page where you can now enter in your credentials:

In order to find your API key, you can look in the drop down in the top right corner of your Cloudflare dashboard and click “My Profile”, the API key options will be under the Account > API Key section.

You will find the Global API Key panel on that Page:

Once you have entered your Global API key into the WordPress dashboard, click “Save API Credentials” and we’re good to go.

Step #2 - Load Optimized Defaults

You can now enable the Optimized Defaults in the WordPress plugin so Cloudflare works optimally on your platform. You can do this by clicking the “Apply” button next to this setting.

Automatic Cache Purge will allow you to automatically flush the Cloudflare Cache when your WordPress site appearance is updated, you should enable this too.

Next Steps

After following these steps, you can now go ahead and improve your security and performance by customizing your Cloudflare configuration.  For instance, to optimize the Cloudflare Web Application Firewall (WAF) for WordPress, visit the Cloudflare Managed Ruleset tab of the Firewall app and set Cloudflare WordPress to On.

Next, see also:

Not finding what you need?

95% of questions can be answered using the search tool. This is the quickest way to get a response.