Using the Cloudflare plugin with WordPress

​​ Overview

WordPress Open external link is a free and open-source content management system. Many WordPress sites use Cloudflare to increase site speed with our  free CDN Open external link  and protect site resources with our security features Open external link .

After creating a Cloudflare account and adding a website Open external link , using Cloudflare with WordPress requires installing the Cloudflare plugin and configuring security and performance settings.

​​ Before getting started

Before adding your WordPress site to Cloudflare,

• Create a Cloudflare account Open external link . You can also learn more about how to get started with Cloudflare in our Cloudflare 101 Open external link documentation.
• If you self-host an Apache server, download mod_remoteip Open external link to ensure that your IP address is logged correctly in both Apache logs and web applications.
• Add all Cloudflare IPs Open external link to an allowlist to avoid rate-limiting or blocking.

​​ Activate the WordPress Plugin

The Cloudflare plugin for WordPress Open external link  allows you to ensure your site is running optimally on the WordPress platform.

To install and activate the plugin,

1. Log in to the WordPress dashboard.
2. Navigate to Plugins.
3. Search for ‘Cloudflare’, and click Install.
4. Click Activate Plugin.

After installing the Cloudflare WordPress plugin, to configure plugin settings,

1. Click Settings and choose the Cloudflare plugin. The Cloudflare login page appears.
2. Enter your Cloudflare login credentials, including your email and Cloudflare API key, then click Save API Credentials.
   • For more information about the API key and how to retrieve it, review our documentation Open external link .

After configuring the Cloudflare WordPress plugin, customize your Cloudflare configuration with the following features to further improve security and performance:

• Navigate to the Firewall app in the Cloudflare dashboard, then the Managed Ruleset tab, and toggle the Cloudflare WordPress rule to On
• Cache Static HTML with Cloudflare Page Rules Open external link
• Optimize images with Polish Open external link and Mirage Open external link
• Enable HTTP/2 Open external link
• Minify Open external link HTML, CSS, and JavaScript

​​ Removing Plugin

In the event you cannot go back into your wp-admin area, in order to recover access, please perform any of the following:

​​ Manual delete

• If you can access your wp-admin area, disable the Cloudflare plugin and/or upgrade it to v3.8.2
• If not, ssh into your server and delete the plugin directory, located at ../wp-content/plugins/cloudflare, after which you can reinstall your plugin and your settings will be preserved.
• Restore a website backup from your hosting provider dashboard

​​ Delete the plugin from the hosting provider “file manager” from inside your cPanel (Plesk)

• Path to navigate to the plugin inside your FTP folders is: wp-content -> plugins -> cloudflare

Also as of WordPress 5.2, if WordPress is able to send emails, on a critical error, it will send the site owner a link to recovery mode which disables all plugins.

​​ Related Resources

• Caching Anonymous Page Views with WordPress or WooCommerce Open external link
• Speed Up WordPress and Improve Performance Open external link