Our primary mission at Super Speedy Plugins is to help you never have to worry about WordPress performance ever again. Regardless of which hosting company you are using, placing Cloudflare in front of your WordPress website can boost your sites performance in two key ways.
Unwanted traffic from botnet hackers and bad SEO bots can severely affect your website’s performance. Eliminating that traffic through your CDN eases the burden on your poor overworked server. Additionally, using Cloudflare’s edge-caching reduces the amount of content your server has to deliver and additionally places that static content closer to your users bringing speed boosts in multiple ways.
Table of Contents
The Importance of Website Speed and Security
Website speed and security are two critical factors that influence user experience and search engine ranking. A faster website translates to improved user satisfaction, reduced bounce rates, and enhanced SEO. Conversely, a slow-loading site can result in lost customers and decreased revenue.
Similarly, website security is vital in today’s cyber threat landscape. Unwanted traffic from botnet hackers and bad SEO bots can cripple your site’s performance, steal sensitive information, and severely damage your online reputation. Therefore, it’s crucial to take preventive measures to protect your online business.
The Role of Cloudflare in Website Speed and Security
Cloudflare is a powerful CDN that protects and accelerates websites by routing web traffic through its intelligent global network. By doing so, it effectively optimizes the delivery of your website resources to your visitors based on their geographic location, significantly improving the speed of your website.
In terms of security, Cloudflare plays a crucial role in protecting your website from various threats, including Distributed Denial of Service (DDoS) attacks, SQL injection, and Cross-Site Scripting (XSS). Moreover, it’s capable of identifying and blocking harmful bot traffic, thus keeping your website safe from botnet hackers and bad SEO bots.
Configuring Cloudflare for WordPress and WooCommerce
Firstly, you should sign up to Cloudflare and move your name servers over to them. This is a zero-downtime process and is very easy to do – just follow their guide.
Once you have an account, install and configure the Cloudflare plugin.
Configuration is a matter of connecting your account and then clicking the Apply button followed by enabling the Auto Platform Optimization option.
Next, log into your Cloudflare dashboard and click Security > WAF > Create Rule. You can name your rule “Challenge Asia and Russia”. This is where the vast majority of bad traffic comes from, so we’re going to configure Cloudflare to present a captcha challenge to that traffic.
Edit your rule to match if Contintent equals Asia or Country equals Russian Federation and ‘Then take action’ should be set to Interactive Challenge.
Next, check your Managed Rules tab. The Cloudflare plugin may have enabled these automatically. The three managed rules I enable are Cloudflare PHP, Cloudflare Specials and Cloudflare WordPress. I have found in the past that these need a little tweaking – one of the Cloudflare WordPress rules, for example, breaks the Gutenberg editor if you are editing a large article.
In the WordPress managed rules, disable the rule WP0025B.
In the Managed Specials rules, disable the rules 100005 and 100009J – I found these rules interfered with some plugin functionality.
That’s it! You should monitor your WAF and check for how many challenges there have been. You can also monitor the amount of traffic served up by your origin server by examining your nginx, Apache or Litespeed logs.
Summary
By configuring Cloudflare with your WordPress and WooCommerce website, you can take advantage of its robust features and protect your site from unwanted traffic. Not only will this boost your website speed, but it will also significantly improve your website’s security, ensuring a seamless and safe browsing experience for your users.
Remember, while Cloudflare offers an excellent first line of defense, it should be used as part of a broader security strategy. Regular updates, strong passwords, and a reliable hosting provider are essential elements of a comprehensive approach to website security.
If you think you are being protected by WordPress security plugins such as WordFence et al, you are dead-wrong. You cannot protect your server properly at this late stage in your stack and even worse than that snicco recently discovered and shared many vulnerabilities in these plugins which actually make your site less secure!
You should never rely on Cloudflare alone – your origin server must also be secure – but adding Cloudflare into the mix gives you extra speed by killing off bad traffic before it even reaches your server.
Cloudflare suggests to use managed challenge and claims that it performs better.
https://blog.cloudflare.com/end-cloudflare-captcha/
Ok, noted, and thank you! Everyone else, use the Managed Challenge rather than the Interactive Challenge.
You haven’t even addressed the checkout or basket. How come?
The basket and checkout are addressed in the automatic Cloudflare rules. What issues are you experiencing?