preloader

Cloudflare WordPress Plugin – Setup, Features & Troubleshooting | WPWizzy

The Cloudflare plugin for WordPress connects your site to Cloudflare for CDN delivery, security, and performance features. It also enables cache purging directly from the WordPress dashboard.

Cloudflare WordPress Plugin – Setup, Features & Troubleshooting | WPWizzy
Get Help With This Plugin

What is Cloudflare plugin?

The Cloudflare plugin for WordPress is a companion tool for sites already using Cloudflare as their DNS and CDN provider. Cloudflare itself – the CDN, DDoS protection, firewall, and SSL – operates at the DNS level and works regardless of whether this plugin is installed. The plugin adds WordPress-specific integration: automatic cache purging when you publish or update content, security level controls from the WordPress dashboard, and basic performance settings.

Most of the value Cloudflare provides to WordPress sites comes from the Cloudflare account itself, not this plugin. The plugin is useful but not essential. Many WordPress sites run behind Cloudflare without the plugin installed and work correctly. The plugin is most useful if you want to purge the Cloudflare cache from inside WordPress without logging into the Cloudflare dashboard, or if you want to manage basic settings without leaving WordPress admin.

Need Help With Cloudflare Setup, Troubleshooting, or Customization?

Need help with Cloudflare? Whether you are dealing with errors, broken functionality, styling problems, plugin conflicts, or advanced customization, we can help you fix the issue and get the plugin working properly on your WordPress site.

Get Cloudflare Expert Help

Key Features

  • Automatic Cloudflare cache purge on content publish or update
  • Security level control from WordPress dashboard
  • Automatic HTTPS rewrites toggle
  • Browser Integrity Check toggle
  • Cloudflare Web Analytics integration

Pros & Cons

Pros

  • Cache purging from WordPress dashboard without logging into Cloudflare
  • Simplifies managing basic Cloudflare settings from one place
  • Free plugin works with free Cloudflare accounts

Cons

  • Most Cloudflare functionality works without this plugin at all
  • Setup requires API token configuration which confuses many users

Free vs Premium

The plugin itself is free. Cloudflare service has a free plan covering CDN, basic DDoS protection, and SSL for most small to medium sites. Cloudflare Pro adds image optimisation, mobile optimisation, a Web Application Firewall with managed rules, and faster support. Business and Enterprise tiers add custom WAF rules, guaranteed uptime SLAs, and dedicated support. Most WordPress sites run fine on the Cloudflare free plan.

Common Problems & Fixes

My site shows stale content after publishing. Cloudflare is not clearing the cache.

Go to the Cloudflare plugin settings in WordPress and verify your API token has Cache Purge permissions for the correct zone. Tokens without the right permissions appear connected but fail silently on purge attempts. If the token is correct, check whether your caching plugin such as WP Rocket is also caching pages – you may need both caches purged. Some configurations require purging the WordPress cache first, then Cloudflare.

My site has infinite redirect loops after enabling Cloudflare.

Redirect loops between Cloudflare and WordPress almost always happen because Cloudflare SSL mode is set to Flexible while WordPress forces HTTPS. Flexible SSL means Cloudflare connects to your server over HTTP, WordPress redirects to HTTPS, and the loop repeats. Fix this by changing Cloudflare SSL setting from Flexible to Full or Full (Strict) in the Cloudflare dashboard under SSL/TLS. Full mode requires a valid SSL certificate on your server, which most modern hosts provide automatically.

The Cloudflare plugin is showing a connection error in WordPress admin.

The plugin connects using a Cloudflare API token. Verify the token is correct and has not expired or been revoked. Go to your Cloudflare account, then My Profile, then API Tokens, and confirm the token is active. If you recently changed your Cloudflare email or password, generate a new token. Also ensure your WordPress server can make outbound HTTPS requests – some restrictive hosting environments block this.

Customization & Developer Notes

How do I exclude certain WordPress pages from Cloudflare cache?

Create a Page Rule in your Cloudflare dashboard under Rules, then Page Rules. Add a rule matching the URL pattern you want to exclude and set the action to Cache Level: Bypass. WooCommerce stores typically exclude /cart/*, /checkout/*, and /my-account/* from Cloudflare caching. On Pro plans, Cache Rules offer more granular control than Page Rules.

Can I use Cloudflare alongside WP Rocket or another caching plugin?

Yes, and this is a common recommended setup. WP Rocket handles server-side caching, CSS and JavaScript optimisation, and WordPress-level performance. Cloudflare adds CDN delivery, edge caching, and DDoS protection. WP Rocket has a specific Cloudflare add-on that connects the two, allowing WP Rocket to trigger Cloudflare cache purges automatically. Configure it under WP Rocket, then Add-ons, then Cloudflare.

Frequently Asked Questions

Do I need the Cloudflare plugin if my site is already behind Cloudflare?

No – the plugin is optional. Cloudflare works at the DNS level and protects and accelerates your site regardless of whether the plugin is installed. The plugin adds convenience features: cache purging from WordPress, quick access to security settings, and automatic HTTPS rewrite configuration. If you are comfortable logging into the Cloudflare dashboard to manage settings, you can skip the plugin entirely.

Does Cloudflare affect the WordPress admin area?

By default, Cloudflare does not cache wp-admin, wp-login.php, or any URL with a WordPress authentication cookie. These are bypassed automatically. If you have created Page Rules that cache everything without explicit bypass rules for admin URLs, you may accidentally cache admin pages. Avoid using cache-all rules without proper bypass conditions.

Is the Cloudflare free plan enough for a WordPress site?

For most small to medium WordPress sites, yes. The free plan provides CDN delivery from Cloudflare global network, basic DDoS protection, SSL, and a shared Web Application Firewall with limited rules. Where free becomes limiting is when you need custom WAF rules to block specific attack patterns, image optimisation through Cloudflare Polish, or guaranteed support response times.

How do I completely remove Cloudflare from my WordPress site?

Removing Cloudflare requires a DNS change, not just deactivating the plugin. Log into your domain registrar and change nameservers back to your hosting provider nameservers, or keep Cloudflare nameservers but disable the proxy (grey cloud) on each DNS record. DNS propagation takes up to 48 hours. Ensure your SSL certificate on the hosting server is valid before removing Cloudflare, as Cloudflare may have been providing your SSL.

Need a Cloudflare WordPress Developer?

Find a vetted WordPress developer experienced with Cloudflare configuration on Codeable. From initial setup to performance tuning and SSL troubleshooting.
Get a Free Estimate

Alternative Plugins

  • WP Rocket CDN
  • BunnyCDN
  • KeyCDN
  • Sucuri Firewall
  • Fastly

Ready to hire your WordPress developer?

WPWizzy connects you with vetted freelance WordPress developers from the Codeable network — the top 2% of WordPress experts worldwide, , you can get a free no-obligation project estimate before hiring. Every developer is carefully screened, backed by Codeable’s satisfaction guarantee, and rated by real clients based on completed WordPress projects.

Pick one option and we’ll take you to the right next step.

After submitting your request, up to three WordPress developers may review your project and ask a few questions to better understand the issue.
This step helps us define the scope of work and provide an accurate estimate. Most projects receive a response within 24 hours.
Providing a few key details about your website or the problem will help us respond faster. There is no obligation to proceed with the project.