Crealanta Magazine

How to configure Cloudflare's Settings for WordPress

Apr 27, 2022
Cloudflare settings for WordPress.

How?

Once configured properly the requests that come for your website will be routed through an Cloudflare server, which will be able to determine if the request needs to be sent to the server that originated it, served from cache, block, or handled using custom rules.

DNS vs Cloudflare DNS

In terms of performance as well as uptime, Cloudflare DNS and DNS perform very similar in terms of performance and uptime and both offer excellent service. The main difference between these two solutions is Cloudflare's extra security and performance options. DNS is solely a DNS solution. However, Cloudflare provides DNS and an alternative proxy layer, which acts as a firewall, CDN, and more.

How to configure Cloudflare's Settings for WordPress

Cloudflare has a wide range of performance and security benefits However, it isn't all completely adaptable to WordPress. Let's look in depth into the settings of Cloudflare to determine the top features that you can use for your WordPress website.

SSL

Cloudflare offers four different modes for SSL/TLS encryption: Off Flexible, Full as well as Full (Strict).

  • Off - No encryption.
  • Flexible Only encrypts the connection between your browser and Cloudflare.
  • Full End-to-end encryption, but lets you use a self-signed certificate on the server of origin.
  • Ful (Strict) - End-to end encryption that requires an origin certificate free by Cloudflare or a certificate from a reliable CA (certificate authorities). We recommend that you use SSL in the Full (Strict) SSL mode to ensure maximum security.

Alternatively, you can also create an Cloudflare origin certificate to install on your origin server. If your host doesn't offer free SSL certificates and you want to install a Cloudflare origin certificate on the server will permit you to use the Full (Strict) SSL mode.

This feature lets you utilize Cloudflare's Flexible SSL while ensuring Cloudflare Full (Strict) SSL for a subdomain that is hosted on .

Always use HTTPS.

The HSTS

Minimum TLS Version

Automatic Rewrites of HTTPS

Speed

A majority of Cloudflare options related to efficiency, such as Image optimization and asset minification, can be found in"Speed" "Speed" section.

Image Resize (Business Only)

The Cloudflare feature for image resizing operates by prepending an ending point to your images. Look at the example below that demonstrates how the function works.

  Original Image URL  

  https://yourdomain.com/wp-content/uploads/2020/01/picture.jpg  

  Sized Image URL  

  https://yourdomain.com/cdn-cgi/image/fit=contain,format=auto,metadata=none,onerror=redirect,quality=70,width=720/https://yourdomain.com/wp-content/uploads/2020/01/picture.jpg  

Its "width" parameter can be altered to produce diverse thumbnail sizes in real-time with no additional resources on your server of origin. If you're in search of an independent service comparable to Cloudflare's image size resizing feature, Imgix and Cloudinary are excellent options.

Polish (Pro Only)

Auto Minify

Brotli

Enhanced HTTP/2 Prioritization (Pro Only)

Mirage (Pro Only)

Mirage can also make multiple image requests a single request, which can reduce the amount of roundtrips required to fully load the page. If your site uses a number of images and targets a mobile-heavy demographic, Cloudflare Mirage can have an impact positive on the efficiency.

Rocket Loader

Caching

Caching Level

We would recommend keeping the caching level at "Standard", which permits the most recent versions of assets to be accessed through a specific query string.

Browser Cache Expiration

Firewall

Want to know what we did to increase our traffic over 1000%?

Join the 20,000+ who receive our newsletter every week with insider WordPress tips!

The majority of WordPress websites, the amount of security offered by Cloudflare's free plan will suffice. If you're operating a mission-critical business site which requires additional security, Cloudflare's Pro-level WAF and controlled rulesets will help protect your website further.

Network

Secure HTTP/3 connections benefit from an enhanced handshake routine, which results in shorter connection times. When HTTP/3 is enabled in the dashboard of your Cloudflare dashboard, clients that are supported will be able to use HTTP/3 to connect with Cloudflare servers.

Lastly, Cloudflare's 0-RTT Connection Resumption feature speeds up loading times for visitors who were previously connected to your website.

Page Rules

Cloudflare forwarding URL page rule.
Cloudflare forwarding URL page rule.

This rule matches URLs that start with www.brianonwp.com. Note the addition of the asterisk character, which lets you create matching patterns with wildcards. Imagine the asterisk as "anything there". Under the URL pattern, you can see this page rule is configured to 301 redirect all matching requests to https://brianonwp.com/$1, where "$1" refers to the "first wildcard" in the matching pattern.

With a page rule like this one, requests to www.brianli.com/specific-page/ will be redirected to brianli.com/specific-page/.

With Cloudflare page rules, you are able to set specific parameters to each matching URL. Look over the list of settings that can be applied to page rules. Some settings are even able to be combined to form a single page rule!

  • Always Online - turn on or off Cloudflare's "Always Online" feature which serves static HTML copies of webpages if the source server is found to be offline.
  • Always use HTTPS to force HTTPS on matching URLs.
  • Auto Minify Auto Minify HTML0 - enable or disable HTML, CSS, and JS minification.
  • Automated HTTPS Rewrites allow rewriting HTTP URLs in HTML to HTTPS versions.
  • Browser Cache TTL define the browser cache TTL on matched URLs. For example, you can set different browser cache TTLs to match different types of documents.
  • browser Integrity Check  Browser Integrity Test enable or disable Cloudflare's "Browser Integrity Check" feature, which inspects HTTP headers in order to identify spammers and other malicious traffic.
  • Cache Deception Armor - enable or disable Cloudflare's "Cache Deception Armor" feature which guards against attack on web caches by ensuring an asset's file extension matches its "Content-Type".
  • Cache Level - Configure the cache level to allow for matches URLs.
  • Disable Apps - disable Cloudflare app integrations for matching URLs.
  • Disable Performance - disable the performance-related functions when URLs are in a similar format.
  • Disable Railgun - disable Railgun for matching URLs.
  • Enable Security disable security options for web pages that are compatible.
  • Edge Cache TTL - define the edge cache TTL (the duration for which an asset is stored on Cloudflare's edge networks).
  • Email Obfuscation - activate or deactivate Cloudflare's email obfuscation script which reduces successful bot scraping through the scrambling of emails.
  • Forwarding URL - Create a 301 redirect or 302 redirect for another URL.
  • Header IP Geolocation - switch on or off Cloudflare's IP geolocation HTTP header.
  • Opportunistic Encryption - allows clients to access HTTP URLs over a secure TLS channel.
  • Origin Cache Control - specify how you want Cloudflare to handle the server's "Cache-Control" directive.
  • Rocket Loader - toggle or disabling Rocket Loader on matching URLs.
  • Security Level - specify the security level that matches URLs.
  • Server Side Excludes turn on or off Cloudflare's "Server Side Excludes" feature which allows you to block private information from malicious web traffic by wrapping HTML into