Cloudflare is a well-known service that acts as a middleman between your visitors and your website. If you run a WordPress site, it can help your site load faster, boost security, and reduce downtime, often with an easy setup. This beginner’s guide explains the basics: DNS, SSL, caching, and DDoS protection, along with a simple checklist of what to turn on or off. If you need tips on Cloudflare SSL for WordPress or want to know the best DNS settings, you’re in the right place.
What Cloudflare actually does
You can picture Cloudflare as a smart front desk for your website. Rather than letting every visitor connect directly to your server, Cloudflare steps in first and handles key tasks like delivering static files quickly, blocking suspicious visitors, and keeping your site online during traffic surges.
In practice, Cloudflare is the first line of defence and performance boost for your site. Your server still runs WordPress, but Cloudflare manages how visitors reach your site and decides what traffic to filter or speed up.
When you use Cloudflare, your domain’s DNS points traffic through Cloudflare’s network. Cloudflare can then:
- Cache static assets (images, CSS, JS) closer to your visitors
- Filter malicious traffic before it reaches your server.
- Provide SSL/TLS options even if you’re not a server expert.
- Help absorb traffic spikes and DDoS attacks.
DNS basics (Cloudflare DNS settings)
DNS might seem confusing, but here’s the easy explanation: DNS tells the internet where your website is located when someone types sabako.id, DNS changes that map the name to the server address that answers the request.
In Cloudflare, the main setting for beginners is the cloud icon next to each DNS record. This icon shows if Cloudflare is handling DNS, protecting and speeding up your traffic. The key point: if you see an orange cloud, Cloudflare is active in front of your site.
In the DNS tab, you’ll see records like A, AAAA, and CNAME. The key setting is the cloud icon:
- Proxied (orange cloud): traffic goes through Cloudflare (recommended for your website)
- DNS only (grey cloud): Cloudflare only answers DNS; traffic goes direct
Typical setup:
- @ (root domain) → A record to your server IP → Proxied
- www → CNAME to @ → Proxied
Keep “DNS only” for services that shouldn’t be proxied (some mail records, certain verification endpoints, or custom ports).
SSL/TLS for WordPress (Cloudflare SSL WordPress)
If you’ve ever noticed a “Not Secure” warning in your browser, SSL/TLS is what solves that problem. It encrypts the connection so your data, like logins, admin sessions, and contact forms, stays private. For WordPress, SSL is now a must-have for both trust and SEO.
Cloudflare offers multiple SSL modes, and choosing the wrong one can cause headaches like login loops, mixed content warnings, or redirect issues. This section matters more than people expect.
Go to SSL/TLS → Overview. You’ll see modes:
- Flexible: encrypts browser→Cloudflare, but not Cloudflare→server (avoid for WordPress)
- Full: encrypts both, but doesn’t validate the origin cert.
- Full (strict): encrypts both and validates the origin cert (best practice)
For most WordPress sites, choose Full (strict) and install a valid SSL certificate on your server (Let’s Encrypt is fine). Then enable:
- Always Use HTTPS
- Automatic HTTPS Rewrites (helpful if you have mixed content)
Caching: what it speeds up
Caching with Cloudflare means it remembers files it has seen before and serves them quickly from a nearby location, so your server doesn’t have to handle every request. This works best for static files like images, CSS, and JS. For many WordPress sites, this can make your site feel much faster, especially for visitors who are far from your server.
Many beginners run into problems when they try to cache everything, including pages that need to remain dynamic, such as admin pages, logged-in content, or checkout pages. It’s best to start simple: let Cloudflare speed up static files, and only add more advanced caching once you know which pages should never be cached.
Cloudflare’s caching mostly affects static files. You can stick with the default settings to start. If your theme is large, caching can make your site load much faster, especially for visitors from other countries.
With WordPress, avoid aggressive page caching on Cloudflare unless you’re sure about the settings. Caching can cause problems for logged-in users, shopping carts, and other pages that change often.
DDoS protection: the built-in safety net
A DDoS attack happens when a website is flooded with fake traffic, making it hard for real visitors to access the site. Even small or unknown sites can be targeted, sometimes at random or by bots searching the web.
The nice part is that if your DNS records are proxied (orange cloud), you already get baseline DDoS mitigation. Cloudflare absorbs and filters much of the junk before it reaches your server. From there, you can apply layers to fine-tune your targeting.
Cloudflare provides DDoS mitigation for proxied traffic by default. You can add extra protection using:
- WAF (Web Application Firewall) rules (plan-dependent)
- Bot Fight Mode (if available)
- Rate Limiting (often paid, but powerful)
What to turn on/off (beginner-safe)
If you’re new to Cloudflare, it’s best to focus on making your site secure and stable before optimising for speed. Choose settings that protect your site without affecting WordPress features like logins, plugins, or pages that change often. The checklist below is safe for most beginners. Once you’re comfortable, you can try more advanced options.
Enable:
- SSL/TLS mode: Full (strict)
- Always Use HTTPS
- Auto Minify (CSS/JS/HTML) optional, test for layout issues
- Brotli compression
- DDoS protection (default)
Disable / avoid at first:
- Flexible SSL
- “Cache Everything” page rules (until you understand exclusions)
- Rocket Loader (can break JS-heavy sites)