What is Cloudflare?
Cloudflare is one of the largest content delivery networks in the world. A content delivery network is best-known by the acronym, CDN. Cloudflare was launched in 2008. Today, it has grown in a massive giant offering CDN services to 12+ million domains via 180 datacenters distributed globally.
Just how massive is Cloudflare?
You can understand the sheer size of Cloudflare only when I put some numbers in front of you. Here is a set of interesting data that will captivate you:
- Wikipedia, Bing, Instagram, Apple, Amazon, and Twitter put together serve fewer web traffic than Cloudflare.
- 10,000+ new customers sign up for Cloudflare service every single day.
- An average Internet user will touch Cloudflare at least 500 times a day.
- The moment Cloudflare pushes any code, it immediately affects 200+ million Internet surfers.
Did that give you a fair idea? It should!
What Does Cloudflare Actually Do?
I said, Cloudflare is a content delivery network, but that is not everything. Cloudflare is also known for its suite of security services that ensure that a website remains protected against malicious activities from hackers, bots, crawlers, etc.
It has a Web Application Firewall that ensures that all the traffic that goes to a website first passes through the firewall. This is where all the bad traffic (as it is usually called) is filtered out, sending only genuine traffic to a website. Albeit, the website in question needs to be a client of Cloudflare.
By blocking unwanted and bad traffic, Cloudflare helps to not only keep a website secure, but it also helps to ensure that it saves the website’s bandwidth.
Remember, increased bandwidth can lead to increased hosting costs. So, it is imperative that you go ahead and filter out bad traffic.
What Are the Primary Features of Cloudflare?
Now that you know what Cloudflare does, it makes sense to tell you about the primary features of the service.
Let me be clear. Not all features are available for all plans. Different plans have different pricing structures and the features set differ.
Content Delivery Network:
Cloudflare offers one of the biggest content delivery networks in the world. They have 180 data centers across the world with Anycast CDN that cache the static content of a site on edge servers globally.
This distribution allows Cloudflare to deliver content from a server that is geographically as close to the reader as possible. As a result, latency drops and increases the page load time.
Besides, the Anycast CDN network also absorbs the traffic from distributed attack and disperses in globally across all CDN servers.
Cloudflare also offers a lot of website optimization features that eventually lead to faster page load. Some of those optimization features include:
- Aggressive GZIP compression.
- File minification.
- HTTP/2 network protocol for faster connections.
- Lossless image optimization and webp image support.
This is what many people are not aware of. Cloudflare controls 37% of managed DNS domains of the world. That’s a massive market share. It is because of this, Cloudflare runs the world’s largest and fastest DNS network. It has an average query speed of a few milliseconds.
Argo Smart Routing:
Cloudflare has its proprietary routing technology that routes visitors through the most reliable and the least congested path available on the Cloudflare network. This ensures that the connection errors are reduced by 27%, and Internet latency drops by 35% on average.
There are many web pages on a website that cannot be cached. There are two possible reasons for this. First, there is a misconfiguration that causes this error, and second, there are pages that are personalized or change frequently.
In both scenarios, any CDN has to requests those web pages from the origin server while serving the rest of the cached static resources from CDN servers.
Railgun uses a series of techniques that allow caching those uncacheable pages. Railgun selectively caches only those parts of the web pages that do not change, transmitting only the parts that change frequently.
The compression that Cloudflare achieves using Railgun is up to 99.6%. The techniques used are very similar to techniques that people use for compressing very high-quality videos. Result? 200% extra performance boost.
Cloudflare ensures continuous availability of all critical resources of a website by preventing service disruptions using server health checks, failover, geographic routing, and both global and local traffic load balancing.
Cloudflare provides free SSL protection to all its customers. However, for higher plans, Cloudflare allows adding a custom SSL certificate.
In my Sucuri review, I told you about WAF. Even Cloudflare provide WAF or Web Application Firewall. Cloudflare offers enterprise-grade WAF that is capable of detecting and blocking common application-layer vulnerabilities. It does so by using custom and application-specific rulesets, and OWASP top 10.
Yes, these are technical things, and if you are not comfortable reading about them, you can settle for a simple explanation. Cloudflare WAF will protect your website from hackers and malware injection.
DNSSEC refers to a cryptographic signature that is added to the DNS records. It is kept in the DNS servers along with different DNS records like A record, MX record, AAAA record, CNAME record, etc.
To understand DNSSEC, you need to understand what DNS means. In short, it is the phonebook of the Internet, which tells computers where to send information and retrieve it from. The only problem with this phonebook is that it will accept any address that is given to it – no questions asked!
This allows information to be routed through other servers. To prevent this, the DNSSEC entered the scene. The DNS resolver will verify, using the cryptographic signature, that the information is reaching the right destination, thereby eliminating the “Man-in-the-Middle” attack.
Cloudflare also provides streaming services. The service integrates Cloudflare’s CDN network with the company’s video storage, encoding, and video player (customizable). This allows for faster and reliable video delivery.
Okay, now that I have told you about the features that Cloudflare offers, it is time you take a look at the pricing structure of Cloudflare.
Cloudflare has different pricing plans. The feature available vary among the plans. The company offers four different pricing structures. They are:
|Number of Domains Allowed
|$0.00 per month
|$20.00 per month
|1 domain and unlimited subdomains
|$200.00 per month
|1 domain and unlimited subdomains
|1 domain and unlimited subdomains
Yes, you read it right! The Free Plan will allow you to add as many websites as you want. There is no limit to that. All other plans will allow you to add only one domain. That makes sense, doesn’t it! What’s free is available for every website in this world, should they choose to use Cloudflare.
So, if you have a thousand domains, you will get to add all your thousand domains for free in the Free Plan. Cloudflare will consider each one of them to have separate ownership.
The features available with the free plan are very restricted. Here is a quick list of features that you can enjoy with Cloudflare’s Free Plan:
- Global CDN – access to the entire network of Cloudflare.
- DDoS Mitigation – unmetered DDoS protection.
- Email support with the average 24-hour response time.
Yes, that all you get! In fact, that is enough for any small or new blog or website. Hackers won’t usually be interested in such sites. So, the primary benefit of the Free Plan is the CDN that helps to make your website faster.
Oh, I forgot! You will also get free HTTPS using Let’s Encrypt.
If you want features like Web Application Firewall, image optimization, etc., you need to upgrade to at least the Pro Plan.
Setting Up Cloudflare
Getting Started on Cloudflare Website
Setting up Cloudflare is, what I call, a mix of simplicity and complexity. If you don’t have the necessary knowledge, you will find it difficult. However, if you have some knowledge, you can quickly get it done.
To start with, you need to create a Cloudflare account. To do that, visit the Cloudflare website and click on the sign-up button.
The next screen that shows up is this:
Enter the credentials, hit the Create Account button, and wait for a verification email. Click on the verification link, and your account will be created.
Once your account is created, you will be taken to the dashboard, where you will have to add a domain.
Once you click on the Add Site button after adding your domain (make sure you are adding something like yourdomain.com and not http://yourdomain.com, or https://yourdomain.com, or www.yourdomain.com), you will see the plan selection page.
This is what you will see:
Select whatever you want. For the purpose of this review, I will use the Pro plan. On the next screen, you will have to provide the payment method details. You can use a credit card or PayPal.
This is what you will see:
Once you make the purchase, you will see the screen where Cloudflare will scan your DNS records. This is what you will see:
On the next page, you will see an awful lot of confusing things. Don’t touch anything. Simply click on the ‘Continue’ button.
This is what you will see:
When you reach the next screen, you will see two new nameservers. Those are the DNS entries. You need to add them to your domain. For this, you have to go to your account with your domain registrar, and from there, you need to add the new DNS records.
This is what you will see:
Now, this step will differ from one domain registrar to another. I use BigRock as my domain registrar. Yes, I know that they have an awful interface, but my journey into blogging started with BigRock as a domain registrar and hosting provider. So, I decided to keep BigRock as my domain registrar, but move to cloud hosting predominantly with Digital Ocean and Cloudways.
Now, changing the nameservers in BigRock is quite easy. All I have to do is log in, select the domain, and update the nameservers.
This is what it looks like:
Once you add the nameservers, propagation will start taking place within 20 minutes. In the worst-case scenario, it will take up to 48 hours. However, since you are on Cloudflare now, you should see changes happing within a few minutes.
Mine happened within 30 minutes! That’s how fast Cloudflare is.
Dealing with Cloudflare Dashboard on Cloudflare Website
If you are on the Cloudflare Free Plan, there is nothing much you can do about it. Most of the services will not be available for you. However, if you are on the Pro Plan or any higher plan, you can configure a lot of things.
Since I am using the Pro Plan, I will walk you through a few things.
When you have successfully added your site, you will see this dashboard on the Cloudflare site:
That’s an awful lot of buttons out there.
THE DNS TAB
The first two are not so important. All the confusion starts with the DNS button. Clicking on it will give you the DNS records for your domain.
Clicking on it will show you something like this:
The Pro Plan will not allow me to add custom nameservers. For that, I will need a Business Plan. I can, however, set up DNSSEC that comes with a Pro subscription. There is nothing that you cannot understand here. If you want to apply DNSSEC, Cloudflare will give you clear instructions.
The final option you see will be CNAME Flattening, and it is a very geeky thing. Explaining it here remains outside the scope of this review. However, you should use CNAME flattening when using Cloudflare. I will suggest that you use the default option.
THE SPECTRUM TAB
The next tab is Spectrum. Unless you are running an application like SSH, mail, game, etc., Spectrum is useless. But, if you are running anything like that, you need to enable it. This is an add-on service where you will not be charged for the first 5GB of traffic with a Pro Plan. If you have a Business or an Enterprise Plan, you will not be charged for the first 10GB of traffic.
After you consume the free quota, you will be charged at a rate of $1 per GB of traffic irrespective of the plan that you are using.
THE SSL/TLS TAB
Clicking on this tab will show you that you have an SSL encryption. Cloudflare offers this for free. Here is what you can see:
Don’t be heroic (unless you know what you are doing) and leave everything as is. No need to fiddle around with any setting.
THE FIREWALL TAB
You better not fiddle around with the settings here. Don’t try to add any rules on your own unless you know your stuff. I will suggest that you turn to the Managed Rules sub-tab and turn on the Web Application Firewall or WAF.
Remember that WAF is preconfigured. It is created by engineers of Cloudflare to provide the best performance against malicious codes and hackers.
Scroll down a bit to check whether WAF for WordPress is enabled or not. It should be because Cloudflare can detect that your website is powered by WordPress. If it is some other software powering your website, Cloudflare will detect that as well. Here is what it looks like:
You can scroll down to OWASP ModSecurity Core Rule Set and configure the Sensitivity and Action settings. This is what I use:
For the rest of the settings underneath the OWASP Rule Set, Cloudflare decides what’s best and keeps them ‘On’ by default. You don’t have to worry about them.
THE ACCESS TAB
If you have multiple users who access the backend of your website, or access different applications that you run, you can set access rules for those users separately from this tab. Since I don’t need this, and I am the sole person who controls my websites, I don’t use it.
THE SPEED TAB
The Speed tab is crucial. There are many options here. You will find all the website optimization options in this tab.
The first thing that you see when you open the Speed tab is how your website performs in both Cloudflare development mode and in the real world with Cloudflare actively caching and protecting your website.
The image below will give you an overview. Do note that the website that I added is new and sits on a Digital Ocean server with OpenLiteSpeed WordPress installation yet to be done. So, there’s nothing major to see here. However, things will differ in the case of an active or production site.
You will see that there will be some recommended optimizations. In my case, it asks me to enable Mirage. It is particularly important for mobile users who are on slow network connections.
Below the recommendation, you can see the Critical Loading Times for your website. A clear comparison of how much time it takes on a mobile 3G network and on a desktop with a cabled internet connection is shown. This is how it looks like:
Under the speed tab, you will see a sub-tab that reads optimizations. Click on it to fine-tune the website optimization as per your needs.
This is what it looks like:
It is nothing so difficult. If you want your website images to be automatically resized according to the viewport of your website readers, Cloudflare can do that, but that is possible only using their Business plan that will cost your $200 a month. That’s a lot.
Instead, you can go for options like MalCare or Sucuri that will give your WAF, CDN, and image optimizations options where you can serve automatically scaled images.
In the Polish segment, I will suggest that you use Lossy compression instead of Lossless compression. That’s because Lossless will retain EXIF data of your photos. Lossy will remove those data, allowing greater compression.
Also, do not forget to enable WebP versions. Doing so will ensure that Cloudflare serves on WebP images on supported browsers, thereby further reducing the page load time.
There are further optimization options that you can either enable or disable. Here are quick pointers:
Brotli Compression: It will improve page load speed by applying compression on the HTTPS traffic that comes to your site. Enable this option.
Enhanced HTTP/2 Prioritization: Be cautious about this. It may break your site. Technically, enabling this option will optimize the order in which the resources of your website are delivered. The order of delivery will no longer be browser-dependent. This option is particularly helpful for users of Microsoft Edge and Safari browsers.
TCB Turbo: It will remain enabled by default. There is nothing you can do to change this.
Mirage: I already told you about this. Enable it for faster load times on mobile phones using the slower 3G connection.
Rocket Loader: Enabling this can lead to massive improvements in your website’s page load time. However, be careful. Rocket Loader doesn’t play well with several plugins and several ad networks. For instance, if you are using the Mediavine ad network, it will not work with Rocket Loader.
Railgun: I explained it earlier, but the only way you can use it is if you have a Business Plan.
URL Prefetch: You will need at least the Enterprise Plan for this to work. This feature also increases the website speed.
AMP Real URL: Google changed its focus to mobile-first indexing. This requires your website to be very fast on mobile devices using a slower connection. To deal with this, Google launched AMP or Accelerated Mobile Pages.
Unfortunately, if you use AMP, the URLs of your website changes to cached AMP URLs from Google. If you want your site to show the real URL (which you should), even when you are using AMP, you should turn on this option.
Mobile Redirect: If you have a website that has a specially designed mobile-optimized version, you will want your visitors using mobile phones to see the mobile version of your website and not the desktop version. You can achieve that by adding the subdomain for the mobile-optimized site in Cloudflare. I use responsive designs. So, this option is meaningless to me.
THE CACHING TAB
Under this tab, you will see two sub-tabs. They are ‘Overview’ and ‘Configuration.’ The Overview sub-tab will show you all data related to your website. It will tell you the size of cached files served, the number of requests, etc.
You should be more interested in Configuration sub-tab. This is where you will set the caching rules. You can purge individual page caches or the whole website cache from this segment.
You can choose the caching level that Cloudflare offers. There are three different levels to select from. The default is Standard. The other two options are No Query Strings and Ignore Query Strings.
I will suggest that you try out different options and see how it plays out for different options. Usually, the default setting works just fine.
Browser Cache TTL is an interesting thing. Cloudflare instructs your visitor’s browser to keep the cached files for your website for a certain time.
If your website is static or if you have a blog where you follow a posting schedule (like one blog post a day), set a longer time. For instance, if you create two new posts daily at an interval of 12 hours, set the time to 12 hours. This is essential to speed up your website when a user requests it from his or her browser.
Within that set time, the user’s browser will serve the already cached files. Once the time is up and the new post is live, Cloudflare will create new cache files. The browser of the user will then serve the newly cached files.
Then you will have the option of Always Online. Turn this on to ensure that your website remains accessible through Cloudflare cache even if the origin server (that is the server where your website is hosted) goes offline for some time.
You will also find something called Development Mode. This is turned off by default. Turn it on only when you are making changes to your website, and you need to see how those changes are taking place in real-time. Never leave it in “On” status. Turn this on only when you need it to ensure that the load on the origin server remains low.
THE PAGE RULES TAB
Coming to the Page Rules tab this is where you can set different rules for individual pages. Different rules will tell Cloudflare how to different pages on your website. It is particularly helpful for e-commerce websites and large dynamic sites.
Since my blogs are fairly simple, I don’t need to set specific page rules. The rules remain the same for all blog pages and posts.
THE NETWORK TAB
It is better that you leave this tab untouched unless you know what you are doing. Few features are turned on by default, and they should give you better performance. However, if you want, you can turn on HTTP/3. But there is a possibility that it can break your site.
You can give it a try, but if things go wrong, turn it off!
THE TRAFFIC TAB
Under this tab, you can enable Argo. It is a smart traffic routing technology that I explained earlier. You will be billed separately for this. It is not a part of the Pro Plan.
If you want to use Argo, here is the pricing structure that you need to know:
|Number of Domains
|Less than 1 GB
|1 TB or 1000 GB
|10 TB or 10,000 GB
THE CUSTOM PAGES TAB
This is where you can set different pages that people will see under different circumstances. For instance, if someone is blocked by WAF, they can see one page, but if you are setting up an IP block or a country block, you can make people see another page.
You need to create those pages separately and add the URLs in this segment. It is easy, and there is nothing terrible about it. Noobs like you and I can do it with ease. Finally, I am feeling like having the combined intelligence of Einstein, Hawking, and Newton!
Damn, I am good!
THE APPS TAB
I don’t like this one, but you may! You can add various added features like the Sharing button, Tweet This button, Exit Intent popup, and more. I never use them. The choice is yours!
THE SCRAPE SHEILD TAB
This is the final tab that you will see. The contents of this tab are self-explanatory. You don’t need a noob like me to explain those things to you. My suggestion is to leave all the options, “On!”
This is the page that you will see:
Setting Up Cloudflare on WordPress
Now, it is time to control Cloudflare from within the WordPress dashboard. I am talking about WordPress simply because I use WordPress only. I don’t use any other software for my websites.
Visit your WordPress dashboard and search for Cloudflare from the ‘Plugins’ menu. Install it and activate it.
This is what it looks like:
Activate the Cloudflare plugin, and this is what you will see:
Once you click on Sign in, you will need to provide your email ID and your Cloudflare API key.
You need to get the API credential from your Cloudflare account dashboard. Go back to the Cloudflare website and click on My Profile menu item from the top righthand corner. This is what I mean:
You can find the API tokens from that page. This is what the page looks like:
You need the Global API Key. Click on the corresponding View button, enter your Cloudflare password, verify your humanity with the captcha, and bingo! You will see the API Key. This is what it looks like:
Sorry! Had to hide that key!
Once you have the key, go back to your WordPress dashboard, and enter your email and the API key. Once you do that, you will see this:
Now that you have Cloudflare on your website, you can just click around on all tabs and buttons to see what around. There is nothing intimidating here. You can turn on or turn off different settings by a single click!
If you come under DDoS attack, all you have to do is enable the “I’m under attack mode.” It is the big blue button you see on the top righthand corner.
You can enable image optimization, caching, Web Application Firewall, automatic HTTPS rewrites, and much more!
The interface is really simple!
Things I Like and Dislike About Cloudflare
There are several things that I like about Cloudflare and a handful of things that I don’t like. Let me tell you what I like and dislike about Cloudflare.
- I like the ability of Cloudflare to protect from DDoS attacks. In fact, its commitment to unmetered protection against DDoS traffic, even for the free tier, is commendable.
- The limitless CDN that Cloudflare offers is something I really love. I have a few sites that use the free version, and all those blogs are extremely fast.
- I like the way it allows complete control over cache management through both the Cloudflare interface and the WordPress plugin interface.
- It is very efficient in offering website optimizations with a single click. That’s something that often takes time when I am not using Cloudflare.
- Also, the service’s ability to reduce bandwidth by eliminating bot traffic and other bad traffic is something people on Shared hosting plans will enjoy.
- I also love how fast DNS propagation takes place once I connect my websites with Cloudflare.
- Cloudflare offers Argo routing, which is great to ensure fast and low-latency traffic routing.
- The Anycast CDN is very effective in mitigating DDoS attacks.
- Cloudflare has the largest CDN network in the world, making it the most sought-after CDN provider.
- The setup process is a bit tedious, and it can be confusing for noobs.
- In the case of image optimization, Cloudflare doesn’t offer auto-scaled image serving even for the Pro Plan. That’s not really acceptable. To achieve that, you have to use some other service that is compatible with Cloudflare. Alternatively, you need either ditch Cloudflare or simply upgrade to the Business Plan. Instead, I will preferably go for Sucuri or Optimole for LiteSpeed Cache to achieve all that.
- The dashboard looks too busy and intimidating for first-time users.
- Sucuri has better layered security compared to Cloudflare while using a similar Anycast CDN network. To top that, Sucuri comes with a lower price tag of $199 per year as compared to $200 per month for Business Plan from Cloudflare.
Cloudflare Customer Support
This is one department where Cloudflare sucks! Truly, it sucks! Pardon my language, but I couldn’t figure out anything better than this. It took me about 15 minutes to figure out how on earth to raise a ticket. You can do that from here.
When I decided to submit a ticket, I was awfully surprised to see that they have a whole process! Yes, they will take details, scan your site for a possible resolution, and only then can you proceed with the submission. That was too much for me.
A simple mail or a simple chat would have been a better option.
When I sent the email, I received an automated answer from a bot after 1 hour. Yes, their bot is freaking slow! The bot failed to resolve the issue, which forced me to reply to the bot. It has been nearly 24 hours now, and there has been no reply so far! So much for their 2-hour median range for replies!
Luckily, my question was about billing and not a technical issue. I cannot get over the dreadful thought of my site being (because of a technical issue) down for about 24 hours due of this non-responsive support system.
Honestly, I wasn’t at all happy about Cloudflare’s customer support approach.
Another thing that caught me by surprise is that Cloudflare experienced a worldwide outage (502 outage) in 2019. They first noticed it on July 2, 2019, at 14:54 PM GMT. Cloudflare was down for 27 minutes at a stretch.
The Cloudflare team was, however, very clear in their public statement, and clearly stated the steps they took to resolve the issue. That was indeed a good gesture.
Here is a screenshot of Cloudflare’s response:
The only thing that bothered me was their promise of ‘Always Online’ feature. The outage happened once, and it was resolved. The thing is, if it happened once, it could happen again. What it the outage stays longer, say, for hours?
That’s loss – massive loss!
Should you be using Cloudflare? Of course, you should, especially when you don’t have a separate budget for CDN, or you just can’t afford a CDN service.
Cloudflare’s global CDN network is free to use with unmetered DDoS mitigation. This is something you will not get every day.
Yes, setting up Cloudflare can be a little daunting and time-consuming, but the end results are impressive. You, however, need to keep in mind that some features can break your site. So, do some research before activating all features you get in Pro Plan onwards. With the Free Plan, you don’t have to worry about these things!
I use Cloudflare for some of my smaller and newer websites. I do, however, use something else when it comes to my best-performing sites. For the most profitable blogs that I own, I combine Cloudflare, Optimole, and Sucuri to get the optimal results.
Optimole takes care of my images, Cloudflare takes care of the CDN for all other static content, and Sucuri takes care of the threats.
In fact, I actually opt for the free version of Cloudflare for my most productive sites and divert the money into other services that are champions in the singular niche they work in, thereby keeping the overall cost low but achieving the same results.
But again, different people have different strategies. You need to figure out what will work best for you.