What this plugin can do for you
One-click WordPress-optimized settings
The easiest way to setup Cloudflare for your WordPress site.
Web application firewall (WAF) rulesets
Available on all of Cloudflare’s paid plans, the WAF has built-in rulesets, including rules that mitigate WordPress specific threats and vulnerabilities. These security rules are always kept up-to-date, once the WAF is enabled, you can rest easy knowing your site is protected from even the latest threats.
Automatic cache purge
Occurs when you change the appearance of your website. This means that you can focus on your website, while we ensure that the latest content is always available to your visitors.
(Note: By default, Cloudflare does not cache HTML, and a cache purge is not required on updating HTML content such as publishing a new blog entry).
Header rewrite to prevent a redirect loop when Cloudflare’s Universal SSL is enabled
Change Cloudflare settings from within the plugin itself without needing to navigate to the cloudflare.com dashboard. You can change settings for cache purge, security level, Always Online, and image optimization
View analytics such as total visitors, bandwidth saved, and threats blocked
Support for HTTP2/Server Push
Make sure your PHP version is 5.3.10 or higher.
From your WordPress Dashboard
- Visit “Plugins” → Add New
- Search for Cloudflare
- Activate Cloudflare from your Plugins page.
- Download Cloudflare
- Upload the “cloudflare” directory to your “/wp-content/plugins/” directory, using ftp, sftp, scp etc.
- Activate Cloudflare from your Plugins page.
- Go to cloudflare.com
- Login with your cloudflare account. (If you don’t have a Cloudflare account first sign up for Cloudflare)
- Press your account name on top right corner and select “My Settings”
- Scroll down to “API Key” → “Global API Key” → View API Key
- Copy the API key
- Return back to WordPress Cloudflare Plugin page
- Enter your email address and paste your API key
- Press Login.
- Do I need a Cloudflare account to use the plugin?
Yes, on install and activation the plugin, first time users will be asked to enter their email address (used to sign-up for an account at cloudflare.com) and their user API key. This is needed to support all the features offered by the plugin.
- What settings are applied when I click “Apply Default Settings” in Cloudflare’s WordPress plugin?
You can review the recommended settings that are applied here.
- Does the plugin work if I have Varnish enabled?
Yes, Cloudflare works with, and helps speed up your site even more, if you have Varnish enabled.
Out of the box, this plugin worked really well for me. I had to disable the CloudFlare feature in WP Rocket. Support has been really timely.
2 features I would like to see:
1. Some way to specific which files to use “server push” with.
2. An audit log. I chose the “default” config when I installed and it overwrote some settings I had made through the CloudFlare web interface. I had to figure out which ones were changed
I’ve used this on other sites recently and it worked fine. What seemed to mess it up and generate a totally grey “settings” page was the “All In One WP Security” plugin.
I set up cloudflare first; got the API etc into the wordpress plugin and then set up AIO Security. From that point on I can no longer see the settings in the cloudflare plugin.
After entering the data continuously updated Scrin
Very good, thanks to the developers and cloudflare for making the web better and safer.
Contributors & Developers
“Cloudflare” is open source software. The following people have contributed to this plugin.Contributors
3.2.1 – 2017-3-14
- Bug where accounts which had more than 20 zones would not show up correctly.
3.2.0 – 2017-3-1
- Bypass Cache By Cookie functionality.
- HTTP/2 Server Push functionality (disabled by default).
- Lowered the plugin size.
- Automatic Cache Management feature includes purging taxonomies.
- Automatic Cache Management feature supports sites which use both HTTP and HTTPS.
- Admin bar disappearing from the plugin.
- Bug where spinner was loading forever.
- Bug where the backend errors where not being shown in the frontend.
- Issues where IE11 was not working properly.
3.1.1 – 2016-11-17
- Moved Admin Bar behind Automatic Cache Purge toggle.
3.1.0 – 2016-11-17
- Added ability to automatically purge cache when a post is published, edited or deleted. (Thanks to brandomeniconi and mike503)
- Added ability to work with WordPress MU Domain Mapping plugin. (Thanks to brandomeniconi)
- Changed the UI to look more like cloudflare.com dashboard.
- Changed plugin description.
- Disabled showing WordPress Admin Bar and Edit Post Link to avoid caching problems for users using HTML Caching.
- Fixed bug where require vendor folders was not working.
- Fixed bug where static files were cached which caused issues updating the plugin.
- Fixed dependencies which caused issues with PHP Compatibility Checker plugin.
3.0.6 – 2016-10-6
- Added ability to toggle Development Mode.
- Fixed bug where active zone dropdown was not working properly.
- Compressed resources to lower plugin size.
- Updated Cloudflare logo.
3.0.5 – 2016-09-28
- Fixed bug where refactored Flexible SSL fix was causing the settings page hook not to load.
3.0.4 – 2016-09-27
- Ability for users to toggle Automatic HTTPS Rewrites (enabled by default, solves for most mixed content errors).
- Fixed an issue where low PHP version where getting syntax error.
- Fixed issue where some users using Flexible SSL where not able to login to wp-admin .
- Fixed a bug where the active zone selector was not paginating through the whole zone list.
- Fixed an issue where the setting for Image Optimization was being displayed incorrectly.
- Fixed a bug in Analytics where the Uniques Visitors data was not displaying accurately.
- Compressed assets to lower plugin size.
- Hooks loading logic refactored to make it more simple and readable.
3.0.3 – 2016-09-21
- Fixed an issue where some domains were being incorrectly propagated to the domain selector dropdown
- Fixed an issue where the Web Application Firewall was accidentally triggering RFI Attack Rules
- Fixed an issue where image optimization was not being enabled for Pro and higher Cloudflare plans
3.0.2 – 2016-09-16
- Disabled HTTP/2 Server Push which was leading to 520 and 502 errors for some websites.
3.0.1 – 2016-09-16
- Fixed HTTP/2 Server Push exceeding the header limit Cloudflare has which caused 520 errors.
- Fixed warning message in HTTP/2 Server Push.
3.0.0 – 2016-09-15
- Added one-click application oft WordPress specific recommended settings
- Added ability to purge the Cloudflare cache
- Integrated with WordPress cache management to automatically clear the Cloudflare cache on updating site appearance
- Added ability to change Cloudflare settings (Always Online mode, I’m Under Attack, Image Optimization, Security Level, Web Application Firewall)
- Added Analytics showing Cached Requests, bandwidth used, unique visitors, threats blocked
- Added Header rewrite to prevent a redirect loop when Cloudflare’s Universal SSL is enabled
- Added HTTP/2 Server Push support
- Added Support for PHP 5.3+
- Removed HTTPS Protocol Rewriting
- Removed submission of spam comments
- Removed ability to toggle Development Mode On/Off
- Updated user interface
- Started to support WordPress 3.4+ instead of 2.8+ because we depend on the WordPress Options API