Using the Cloudflare plugin with WordPress
WordPress is a free and open-source content management system. Many WordPress sites use Cloudflare to increase site speed with our free CDN and protect site resources with our security features.
After creating a Cloudflare account and adding a website, using Cloudflare with WordPress requires installing the Cloudflare plugin and configuring security and performance settings.
Before getting started
Before adding your WordPress site to Cloudflare,
- Create a Cloudflare account. You can also learn more about how to get started with Cloudflare in our Cloudflare 101 documentation.
- If you self-host an Apache server, download mod_remoteip to ensure that your IP address is logged correctly in both Apache logs and web applications.
- Add all Cloudflare IPs to an allowlist to avoid rate-limiting or blocking.
Activate the WordPress Plugin
The Cloudflare plugin for WordPress allows you to ensure your site is running optimally on the WordPress platform.
To install and activate the plugin,
- Log in to the WordPress dashboard.
- Navigate to Plugins.
- Search for ‘Cloudflare’, and click Install.
- Click Activate Plugin.
After installing the Cloudflare WordPress plugin, to configure plugin settings,
- Click Settings and choose the Cloudflare plugin. The Cloudflare login page appears.
- Enter your Cloudflare login credentials, including your email and Cloudflare API key, then click Save API Credentials.
- For more information about the API key and how to retrieve it, review our documentation.
After configuring the Cloudflare WordPress plugin, customize your Cloudflare configuration with the following features to further improve security and performance:
- Navigate to the Firewall app in the Cloudflare dashboard, then the Managed Ruleset tab, and toggle the Cloudflare WordPress rule to On
- Cache Static HTML with Cloudflare Page Rules
- Optimize images with Polish and Mirage
- Enable HTTP/2
In the event you cannot go back into your wp-admin area, in order to recover access, please perform any of the following:
- If you can access your wp-admin area, disable the Cloudflare plugin and/or upgrade it to v3.8.2
- If not, ssh into your server and delete the plugin directory, located at ../wp-content/plugins/cloudflare, after which you can reinstall your plugin and your settings will be preserved.
- Restore a website backup from your hosting provider dashboard
Delete the plugin from the hosting provider “file manager” from inside your cPanel (Plesk)
- Path to navigate to the plugin inside your FTP folders is: wp-content -> plugins -> cloudflare
Also as of WordPress 5.2, if WordPress is able to send emails, on a critical error, it will send the site owner a link to recovery mode which disables all plugins.