Cloudflare can supercharge your WordPress site — dramatically speeding up page loads, reducing server load, and protecting you from bots and attacks. But if it’s not set up properly, you might not see these benefits… or worse, you could inadvertently break parts of your site.
This guide walks step-by-step through the correct way to set up Cloudflare for WordPress so you get both performance and security wins — without headaches.
1. Why Cloudflare Matters for WordPress
Cloudflare sits between your visitors and your server. It acts as:
- A CDN (Content Delivery Network): caching and serving static files from global data centres so your website loads faster around the world.
- A security shield: protecting your site from DDoS attacks, bots, and common threats with its web application firewall (WAF).
- A DNS provider: Cloudflare’s DNS is often faster and more reliable than standard registrar DNS services.
This combination reduces load on your WordPress host, boosts performance, and improves uptime.
2. Step-by-Step Cloudflare Setup for WordPress
Step 1. Create a Cloudflare Account
- Go to Cloudflare.com and sign up for a free account.
- Add your WordPress site’s domain when prompted.
- Cloudflare will scan your existing DNS records — review these and ensure they match what your DNS host currently lists.
Tip: If your current DNS has important records (email, subdomains, etc.), make sure they’re all copied over.
Step 2. Update Your Nameservers
Cloudflare will give you two new nameservers.
- Log in to your domain registrar (e.g., GoDaddy, Namecheap, 123-Reg).
- Replace the current nameservers with the Cloudflare ones.
- Save changes and wait for DNS propagation (can take minutes to a few hours).
Once propagation completes, traffic to your site will pass through Cloudflare.
Step 3. Configure SSL Correctly
To avoid SSL errors:
- Go to Cloudflare → SSL/TLS in the dashboard.
- Set your SSL mode to Full or Full (Strict) (recommended if your origin has a valid SSL cert).
- Enable Always Use HTTPS and Automatic HTTPS Rewrites.
This ensures secure connections from users to Cloudflare and from Cloudflare to your origin host.
Step 4. Install the Official Cloudflare WordPress Plugin
While Cloudflare works independently, the official Cloudflare plugin makes your life easier:
- In your WordPress admin, go to Plugins → Add New.
- Search for “Cloudflare” and install the official plugin by Cloudflare, Inc.
- Activate it and connect using your Cloudflare email + API token (create this from your Cloudflare dashboard under My Profile → API Tokens).
Benefits of the plugin:
- Purges cache automatically when content updates.
- Lets you manage key Cloudflare settings from within WordPress.
Recommended Cloudflare Settings for WordPress
Enable Caching and Performance Optimisations
Once connected:
- Turn on Auto Minify (CSS, JS, HTML).
- Enable Brotli compression.
- Set a reasonable Browser Cache TTL (e.g., 1 day).
- Use Always Online to serve cached pages during downtime.
These settings reduce page weight and speed up delivery.
Automatic Platform Optimisation (APO)
Cloudflare’s APO caches dynamic WordPress HTML at the edge — not just static files — for huge performance gains globally. Enable this in the plugin or Cloudflare dashboard once your API token connection is live.
This is especially valuable for blogs and WooCommerce stores.
Page Rules (Optional but Helpful)
Page Rules can refine caching:
| Rule | Purpose |
|---|---|
*yourdomain.com/wp-admin* | Bypass cache for admin pages |
*yourdomain.com/* | Always use HTTPS |
These boost performance and avoid serving outdated admin pages from cache.
4. Common Mistakes to Avoid
Not updating DNS properly: If Cloudflare’s nameservers aren’t set correctly, visitors won’t be routed through Cloudflare.
Misconfiguring SSL: Wrong SSL mode can cause redirect loops or insecure content errors.
Skipping plugin connection: Without the plugin, automated cache purging and APO won’t work, reducing performance benefits.
5. How to Verify Your Setup
Once you’ve finished:
✔ Visit your site and check for HTTPS and no errors.
✔ View your DNS in Cloudflare and confirm proxy (orange cloud) is enabled where needed.
✔ Test speed in PageSpeed Insights or GTmetrix — you should see lower load times after caching is live.
6. How BBI Can Help
Setting up Cloudflare correctly can be surprisingly tricky — done badly it can slow you down or even break your site. At BBI, we specialise in:
- Cloudflare setup & optimisation
- Cache configuration
- WordPress performance tuning
- Security hardening
If you’d like expert setup that actually improves real-world performance, we can help — get in touch.