Is Cloudflare Good For WordPress? It’s A Yes For Me

Previously, I wrote about my frustration with Cloudflare issues here on my site. I couldn’t figure out how to set up Cloudflare correctly so I let it go and make do with basic WordPress caching/optimization plugins. My site worked fine without CDN, however, I can’t shake the feeling that I should be utilizing Cloudflare if only I could make it work. So I spent a good amount of time researching and trying out different configurations. Now, to answer the burning question: Is Cloudflare good for WordPress? Yes indeed, if set up correctly. Please note that I am only sharing my own experience and I cannot guarantee that implementing my suggestions will work for you 100%.

How To Setup (Free) Cloudflare On WordPress

The first thing you need to do, which I didn’t when I initially tried to set up Cloudflare, is to check your hosting provider’s knowledge base or support forum for a setup guide. I’m using Hostinger and in this tutorial, they pointed out to enable Cloudflare only for the naked domain name and www subdomain:

cloudflare-hostinger
Source: Hostinger

What I did wrong the first time: I enabled Cloudflare for everything in my DNS settings. A classic example of “not because you can, doesn’t mean you should”. I saw gray clouds and turned them all orange. Don’t be like me.

Unlike the DNS records on Hostinger’s blog, instead of an A record for my www subdomain, I have a CNAME when Cloudflare pulled my DNS records from Hostinger. Not sure why that is, I didn’t bother to check. But I did not modify my DNS records and simply enabled the orange cloud for my naked domain A record and www CNAME. I’m getting a warning Cloudflare message for my FTP A record saying: “An A, AAAA, CNAME, or MX record is pointed to your origin server exposing your origin IP address.”. And so I enabled the orange cloud on that too to make the error go away, even though Hostinger does not recommend doing it. To summarize, orange clouds are okay only for the naked domain A record, www CNAME or www A record (depending on your hosting provider), and FTP A record (optional).

To Plugin Or Not To Plugin

If implementing Cloudflare on a live site, it’s a good idea to disable/uninstall any existing WordPress JS, CSS, and HTML minification or caching plugins to avoid any incompatibility issues. As for the Cloudflare plugin, installing it is optional, but I like the automatic cache management feature so I got it. Nevertheless, you can always log in to Cloudflare and purge the cache from there if that’s your preference. Notice that in the plugin, there’s a setting to Optimize Cloudflare for WordPress. It is important that you know what it does by reading this article straight from Cloudflare discussing their one-click configuration.

You may stop here if everything works on your site and don’t want to risk breaking anything by experimenting on other settings.

Cloudflare SSL Is Not Working

Now, this is tricky. You’re going to have to spend some time reading their knowledge base and may need to seek help from your domain name registrar or hosting service provider.

I’ve seen discussions about all the confusion in regards to using a Let’s Encrypt SSL (or similar) certificate with Cloudflare. The simple answer is no, you cannot use/upload a custom SSL certificate on Cloudflare unless you are willing to pay $200 for a Business plan upgrade.

From my understanding, the simplest way to configure SSL on Cloudflare is to use their free Universal SSL (enabled by default under Edge Certificates, no need to do anything else), and install their Origin CA certificate (also free of charge) at your hosting provider a.k.a. origin web server.

Users who want to take it a step further have an option to purchase a Dedicated SSL Certificate from Cloudflare.

cloudflare-universal-dedicated-ssl
Source: Cloudflare

Yes, there are two certificates working wonders here. Universal SSL encrypts traffic from browsers to CloudFlare; the Origin CA certificate encrypts traffic between Cloudflare and your origin server. Whoa, encryption galore. But, as always, free services come with limitations which you can read about here. If you have a Let’s Encrypt Certificate like me, you can use that at your origin web server instead of Cloudflare’s Origin certificate.

If you encounter any issues, info about troubleshooting SSL errors is available on their site.

PRSNL Preference

As a broke millennial, I don’t want to spend any more than what I’m already paying for hosting and domain. I had to find a way to fully use Cloudflare as a free CDN without breaking my site and sure enough, if there’s a will, there’s a way!

I’m actually not using all the defaults set by Cloudflare’s WordPress plugin. For instance, I’ve disabled Auto Minify and Rocket Loader and still use plugins like Autoptimize and Async Javascript. Although Universal SSL is active on my site, I’m not using their Origin Certificate. My site sometimes shows up as not secure after purging the cache so I’m sticking to Let’s Encrypt Certificate at this time.

Overall, it’s a relief that I finally got Cloudflare to work with my current setup. My page scores have improved, and that’s what I’ll talk more about next time.