Cloudflare offers a robust suite of tools that deliver a global content delivery network (CDN), DDoS protection, and performance enhancements for websites of every size, from personal sites to enterprise brands.
If you host your website with a managed provider, there’s a good chance you’re already benefiting from built-in Cloudflare integration, enjoying both its speed and security boosts automatically. For those who want to fine-tune settings—such as managing DNS, setting up custom firewall rules, or controlling caching—you have the flexibility to set up your own Cloudflare account and connect your website manually.
In this step-by-step guide, you’ll learn how to set up Cloudflare for your WordPress website. We’ll cover connecting your domain, configuring DNS, and optimizing settings so your site runs smoothly alongside any platform integration you might be using.
Table of Contents
Install and configure Cloudflare
This guide assumes you have a Cloudflare account. If you need one, head to the Cloudflare signup page to create a free account.
Step 1: Add your domain
Log in to your Cloudflare dashboard, select + Add, and enter your domain name—just the root (for example, example.com), no need for www or https://. Click Quick scan for DNS records and then Continue.
Select the Cloudflare plan that fits your needs. The free tier delivers ample performance and security for most WordPress sites.
Step 2: Check your DNS records
After scanning, Cloudflare auto-imports your current DNS records. Review each record—especially mail (MX), TXT, and CNAME entries—to make sure details are accurate for a seamless transition.
Step 3: Add CNAME records
To link your domain with your hosting provider, add CNAME records in Cloudflare’s dashboard. This step is essential for directing site traffic to your WordPress environment.
From your Cloudflare dashboard, go to the DNS > Records section. First, remove any existing A records for your root domain. Next, add a CNAME record for the root (apex) domain and direct it to [sitename].hosting.kinsta.cloud.
If a CNAME exists for www, update it to point to [sitename].hosting.kinsta.cloud. If not, create one. Make sure the orange cloud icon (proxy) is active for both records, then click Continue.
Step 4: Update your domain’s name servers
The next step is to change your domain’s nameservers so they point to Cloudflare. This information will be provided in your Cloudflare dashboard.
Cloudflare acts as a full proxy, so after you update your nameservers at your domain registrar, all traffic is routed through Cloudflare before reaching your host. Switching nameservers is a standard step and does not cause downtime. You’ll find support documents tailored to major registrars to guide you through the process.
- How to change nameservers with Namecheap
- How to change nameservers with GoDaddy
- How to change nameservers with Bluehost
Once you’ve updated your nameservers, click Continue.
Although changes are often quick, allow up to 24 hours for global DNS updates to complete.
Step 5 (Optional)
WordPress users can take an additional (optional) step. Installing the official Cloudflare plugin is recommended, as it unlocks advanced features and improves compatibility.
Get the plugin from the WordPress plugin directory or directly via your site’s dashboard under “Add New” plugins. This plugin provides:
- Unique IP address display in WordPress comments
- Automatic cache clearing
- Preventing redirect loops when Universal SSL is active
- Ability to adjust Cloudflare settings, purge cache, and optimize images directly from WordPress
- View analytics including visitor metrics, bandwidth use, and blocked threats
- Support for HTTP2/Server Push
After install, enter your Cloudflare account email and API key in the settings. You can find your API key here; select the “Global API Key.” Be sure to save your credentials.
On the “Home” tab, you can apply default or custom settings.
Under Settings, advanced options let you:
- Optimize images (on Pro and above plans)
- Enable Development Mode for real-time edits
- Adjust security levels
- Set up Automatic HTTPS Rewrites to avoid mixed content issues
The Analytics tab provides in-depth activity stats, from traffic levels to threat reports.
Common Cloudflare Problems
One of the most frequent issues you might encounter after setting up Cloudflare on WordPress is the “ERR_TOO_MANY_REDIRECTS” message in Chrome or “The page isn’t redirecting properly” in Firefox.
This typically happens if SSL is enabled on your host while Cloudflare’s SSL mode is set to Flexible. If your host already provides an SSL certificate, switch Cloudflare’s SSL setting to Full to resolve the redirect loop.
Alternatively, you can set up a page rule in Cloudflare to fix specific configuration conflicts.
How to clear Cloudflare cache
If you’re troubleshooting or updating your site, you may need to purge Cloudflare’s cache. There are two simple ways to do this:
Option 1 – Clear Cloudflare cache in WordPress plugin
With the Cloudflare plugin installed on your site, navigate to Settings > Cloudflare to easily clear the cache.
Option 2 – Clear Cloudflare cache from control panel
Alternatively, you can log in to the Cloudflare dashboard and select the Caching tab, then use the “Purge Everything” button to clear all cached files.
Once your setup is stable, it’s ideal to purge only specific files as needed. Cloudflare lets you specify individual files for cache purging.
Tip: Purging all cache may momentarily slow your site as assets re-cache, but targeted purges help maintain optimal performance.
Why Use Cloudflare with WordPress?
Cloudflare goes beyond traditional CDN services by offering a multi-layered approach to website security and performance. Here’s why so many WordPress site owners rely on Cloudflare:
- Automatic DDoS Mitigation: Cloudflare detects and blocks malicious traffic, helping to keep your website online during attack attempts, without any manual intervention.
- Smart Caching Algorithms: By strategically caching both static assets (images, CSS, JavaScript) and, with APO, even dynamic content, Cloudflare dramatically improves load times globally.
- SSL Flexibility: You can issue a free SSL certificate via Cloudflare, even if your host doesn’t provide one, ensuring HTTPS encryption for all visitors.
- Enhanced Performance Tools: Features like image optimization, mobile acceleration, HTTP/3, Brotli compression, and automatic minification are readily available for easy performance tweaks.
- Global Reach: With data centers in over 300 locations, Cloudflare consistently delivers content close to your site’s visitors, no matter where they’re located.
Best Practices for Optimizing Cloudflare on WordPress
Once Cloudflare is connected, maximize its benefits by applying these proven tips:
- Enable Automatic HTTPS Rewrites: This helps fix mixed content issues, ensuring your site delivers all assets securely.
- Use “Always Use HTTPS” Rule: Redirect all HTTP requests to HTTPS for consistent security and improved SEO signal.
- Fine-Tune Security Levels: Raise your Cloudflare threat security settings during times of increased spam or brute-force attacks. Adjust default levels for regular traffic needs.
- Leverage Rate Limiting: Protect login and admin pages by configuring Cloudflare Rate Limiting to block or slow repeated suspicious access attempts.
- Optimize Cache Settings: Set the cache TTL (time to live) based on how frequently your content changes, and exclude sensitive pages (like WP-admin or cart/checkout for e-commerce) using Page Rules.
- Monitor Analytics: Regularly check Cloudflare’s analytics for unusual activity spikes, potential threats, and performance metrics to make informed adjustments.
- Enable Bot Fight Mode: Deter automated attacks and content scraping by activating Bot Fight Mode under the Security settings.
- Test with Development Mode: When making live changes to your WordPress theme or plugins, temporarily enable Development Mode in Cloudflare to bypass cache and instantly see edits.
Troubleshooting Tips and Additional Support
If your site experiences trouble after connecting to Cloudflare, these additional troubleshooting tips can help:
- Check Origin Server SSL: If SSL issues persist, ensure your origin server’s certificate is up-to-date, or enable “Full (strict)” SSL for the highest level of encryption.
- Whitelist Cloudflare IPs: Some hosts may block requests from Cloudflare’s proxy. Ask your host to whitelist all Cloudflare IP ranges to avoid access issues.
- Plugin Conflicts: Some caching or security plugins might conflict with Cloudflare caching. Disable or adjust settings in plugins that handle minification, SSL, or header manipulation, as Cloudflare will often handle these more efficiently at the CDN level.
- Contact Support: If issues persist, both Cloudflare and most WordPress hosts have robust support teams knowledgeable about Cloudflare integration.
Advanced Features: Exploring Cloudflare’s Ecosystem
- Firewall Rules: Go beyond standard security with custom Firewall Rules, blocking or challenging suspicious countries, IP ranges, or agents.
- Workers: Employ Cloudflare Workers (serverless code at the edge) to create custom logic—such as rewriting URLs, handling redirects, or processing requests before they reach your server.
- Access: Protect sensitive admin areas or staging sites with Cloudflare Access, adding identity checks and MFA (multi-factor authentication) for granular access control.
- Page Rules: Tailor performance and security by creating Page Rules—for example, bypassing cache for /wp-admin/*, enabling higher security for login pages, or forwarding “www” traffic to non-www URLs.
- Automatic Platform Optimization (APO): Cloudflare’s APO caches your site’s HTML at the edge, speeding up Time to First Byte (TTFB) for dynamic WordPress pages globally. Ideal for blogs, storefronts, and high-traffic environments.
Summary & Next Steps
Once you’ve set up Cloudflare, observe your site’s loading times, security reports, and user experience. Continue to explore Cloudflare’s dashboard for new features or insights tailored to your evolving needs. The platform frequently releases updates, bringing innovative solutions for site speed, privacy, and threat mitigation.
For ongoing optimization, consider subscribing to Cloudflare’s blog for updates, or joining user communities and forums to exchange tips with fellow WordPress users and developers.
Cloudflare’s solutions scale as your site grows, making it a strong long-term partner in your WordPress performance and security journey.
