Utilize Cloudflare to the max (caching, settings, rules, analytics, cloud storage, email management, protect admin area).
Unlock advanced Cloudflare features without being a network administrator or developer. Works with any Cloudflare plan (including Free), no Automatic Platform Optimization (APO) subscription needed.
Directly cache HTML
App for Cloudflare® can automatically cache your HTML pages in 320+ Cloudflare data centers around the world. “Standard” WordPress caching plugins can’t escape the laws of physics because information can’t travel faster than the speed of light (even if the page is cached, the cache exists on your physical origin server, which can be over 20,000 km from an end user). Caching content in Cloudflare data centers makes your website faster by putting your website cache closer to end-users (95% of the world’s population is within 50ms of a Cloudflare data center).
This is able to be done without Cloudflare Workers or even a Page Rule (done with a single Cache Rule on Cloudflare’s side, and custom code in the plugin).
Manage all Cloudflare settings
All Cloudflare settings can be changed directly within your WordPress admin area.
Includes Easy config function that will optimally set your Cloudflare zone settings for WordPress.
Fixes Cloudflare Flexible SSL redirect loops
Automatically fixes HTTPS redirect loops when using Cloudflare’s Flexible SSL option (traffic between user and Cloudflare is encrypted, but traffic between Cloudflare and origin server is not).
Handles user IP addresses
Automatically handles the situation where your web server is passing Cloudflare IP addresses rather than the IP address of the user making the request.
Network analytics
View network stats for your website directly within your WordPress admin area with a dashboard widget.
View rules & firewall
Quickly review your site’s Cloudflare rules and firewall settings from within your WordPress admin area. Includes:
DMARC management
Track third parties that are sending email on your behalf (for example an email provider you have authorized like Gmail or Outlook). You can also see unauthorized email senders or spammers sending email on behalf of your domain.
Multisite network support
You have the ability to have a network-wide Cloudflare API token that can be overridden on a per site basis. In the case where a multisite network operator has the site domains in a single Cloudflare account, they can allow the site users to utilize Cloudflare features for their individual site without disclosing the underlying actual API token.
Additionally, a single Pro license for the main network site allows the media from all sites in the network to be stored in the cloud, within a single Cloudflare R2 bucket.
Store media in the cloud [Premium]
Easily and seamlessly store your WordPress media in the cloud with Cloudflare R2. This allows you to offload resources (both bandwidth and disk space) from your server. The first 10GB is free, and only costs $0.015 per GB thereafter (ex. if you had 100GB of media, it would cost $1.35 per month to store it in the cloud).
Includes ability to migrate existing media from local filesystem to R2 (or from R2 to local filesystem). Works with individual media, or all media in bulk (includes web-based migration as well as a shell/WP-CLI option).
Protect admin area [Premium]
Utilize Zero Trust Network Access to authenticate users before they access your WordPress admin area.
Manage rules & firewall [Premium]
The premium version unlocks the ability to manage (create, delete, suspend and unsuspend) Cloudflare rules and firewall definitions. In addition to defining your own rules, you can deploy useful rules with a single click:
Backup & restore [Premium]
You have the ability to backup and restore some of your most important Cloudflare configuration settings:
Backups can be restored to different zones (for example if you had extensive configuration for a zone, you could give another zone the same configuration through a backup restore).
Other features
From your WordPress dashboard
App for Cloudflare
Manual upload
app-for-cf
directory to your /wp-content/plugins/
directorySee Cloudflare stats for your domain right on the WordPress dashboard.
Setup allows you to enter your Cloudflare API token with the minimum permissions required.
Control Cloudflare zone settings (SSL/TLS options shown here).
Control Cloudflare zone settings (Security options shown here).
Control Cloudflare zone settings (Speed options shown here).
Control Cloudflare zone settings (Caching options shown here).
Control Cloudflare zone settings (Network options shown here).
Control Cloudflare zone settings (Scrape Shield options shown here).
Guest page caching allows you to cache your HTML pages in Cloudflare data centers (this allows your site to deliver content to your users from the data center closest to them).
Cloudflare Firewall Rules, User Agent Rules and IP Address Rules are viewable within WordPress (the Pro version allows editing/creating/deleting as well).
An easy interface to block traffic by country before the request gets to your server.
Create User Agent Rule from within WordPress (Pro version).
Create IP Address Rule from within WordPress (Pro version).
Page Rules and Cache Rules are viewable within WordPress (the Pro version allows editing/creating/deleting as well).
Zero-Trust Access policies are viewable within WordPress (the Pro version allows simple auto-configuration to protect your WordPress admin area).
R2 object storage allows you to store your WordPress media in the cloud seamlessly (premium feature/part of Pro).
R2 configuration is simple/automatic.
DMARC reporting allows you to see entities sending email on your behalf.
Cloudflare Purge Cache is available from within the WordPress admin area.
An HTTP request trace tool allows you to simulate an HTTP request passing through Cloudflare's network. This allows you to see which products and rules are triggering actions on a request.
An IP address lookup tool allows you to get some basic info about any IP address (works with IPv4 as well as IPv6 addresses).
Lookup info about any domain.
Get registration info about any domain.
The Pro version allows you to backup and restore some Cloudflare settings.
Media stored in R2 shows an orange cloud in the media browser.
Move individual media to/from R2.
Move all media in bulk to/from R2.
For multisite networks, you can utilize a single Cloudflare API token for all your sites in your network (which can be optionally overridden on a per site basis).
For multisite networks, you can optionally use a single R2 bucket to store the media across all your sites.
It’s done by using a Cloudflare Cache Rule that makes HTML pages eligible to be cached. Making a page eligible doesn’t necessarily make it always cached (for example if a user is logged into the site or the request is a POST, you wouldn’t want the page to be cached). No need for any kludgey cache busting mechanism that alters your URLs.
This allows it to be done in a “clean” way, without the need for Cloudflare’s Automatic Platform Optimization (APO) plugin/subscription (normally $5/month for Cloudflare Free plans). It also does not require the added complexity or expense of Workers (Workers are billed per request). Additionally it does not require the use of a Page Rule slot on your Cloudflare zone.
This plugin can do Guest Page Caching for free, for everyone.
An easy way to test it is with a testing tool like GTmetrix. Test it without Guest Page Caching enabled and test it again with Guest Page Caching enabled and compare the results.
If you are a little more technical, you can look at the cf-cache-status
HTTP header on the page request. If you see a value of HIT
, the request is being successfully being served from Cloudflare’s edge cache.
If you want to compare the speed of WordPress sites from different cities, try these:
Yes. Not only does it work as a standard plugin on any site within the network, it can be deployed as a “network activated” plugin (automatically available to all sites within the network). Additionally, there are settings available to the network admins where you can optionally set a default API token (that is used, but not disclosed to the individual sites). Individual sites can set a different API token to override the network-wide token if needed. This is useful in a scenario where all (or most) of the sites in the network are on the same Cloudflare account and can share the same API token.
The Pro version allows a single Cloudflare R2 bucket to be used for storing the media for all sites in the multisite network.
There is an option to allow settings to be changed only by one specific admin account. If you use that setting, and then lose or change the admin account you assigned to that role, it can be problematic. If you need to bypass that option, you can by adding the following to your WordPress wp-config.php file:
define('CLOUDFLARE_BYPASS_USER_LOCK', true);
Yes, please do! You can find the suggestion area over here.
The WordPress version is kept in feature parity with the XenForo version. You can find the update changelog for older versions (if you are curious), over here.