Since we started using the CloudFlare (free plan) on a few sites a few months ago, it's greatly reduced comment spam and contact form spam. According to our CloudFlare dashboard, it's also blocked many botnet zombies and other threats, reducing the risk of sites being hacked. It also serves as a CDN (content delivery network), but sites were fast enough before, so there wasn't a noticeable speed improvement.
Here's how we set up CloudFlare for a WordPress site. The steps you need to follow may differ.
The Dashboard in your CloudFlare account displays analytics and threats.
Because the CloudFlare CDN provides caching, you may notice that some changes (such as CSS changes) don't immediately take effect. You can put CloudFlare in Development Mode to temporarily disable caching (for up to 3 hours). In the WordPress plugin (Plugins > CloudFlare), set Development Mode to On. Alternatively, log into CloudFlare and on the Websites page, use the Development Mode button there, or use the Pause CloudFlare button to deactivate CloudFlare indefinitely.
Many hosts allow you to enable CloudFlare from within cPanel. We tried this, but found that it only works if your domain begins with "www". To leave "www" off and use your root domain (like https://optimwise.com), you need to go directly to CloudFlare rather than going through the host. Reference: CloudFlare blog (comments).
If your site uses SSL, you won't be able to use the free plan. You'll need to upgrade to one of the paid plans.
One cool feature of CloudFlare is that it uses JavaScript to obfuscate email addresses, protecting them from many email address harvesters.
Have you used CloudFlare? What are your thoughts? Do you need help adding CloudFlare to your WordPress site? Contact us!
Cloudflare created some serious security issues for us so we quit using it.
Topher, I'd be very interested to hear about those issues. Could you please elaborate?
Hello Chad well its good, but their plugin is so many bugs and errors. Finally, I got another plugin that is lighter and faster to use CloudFlare API (free one): https://wordpress.org/plugins/cf-littlebizzy/
Karim, we haven't experienced bugs and errors with the official Cloudflare plugin, but it doesn't hurt to have alternatives. Thanks for sharing!
9 out of 10 of the last spam I received originated from CloudFlare. I want nothing to do with CloudFlare and is looking for ways to exclude CloudFlare from all communication with my sites. Legitimate e-mail from CloudFlare will have to suffer, it is better than getting hordes of spam from CloudFlare.
Gerard, what do you mean that the spam you received originated from CloudFlare and that you're getting hordes of spam from CloudFlare? Cloudflare is in the business of stopping spam and other Internet threats, not causing it. Have you sent samples to Cloudflare to ask them to analyze the messages? It's fairly easy to spoof emails and other messages so they look like they're coming from somewhere else. It would be worth asking Cloudflare for their input on the problem.
Cloudflare is referenced in the body of 9 out of 10 spam I receive. Is it not the same thing as sending spam? Lately the sender is usually xteknoloji.net and yandex.net and Cloudflare would do well not to extend services to those two accounts. To put it bluntly, it is common knowledge what CloudFlare is doing and it does not sit well with the majority of service providers. If you carry on not responding to spam reports, it is just a matter of time until CloudFlare is shut down.
The support pages on CloudFlare is extremely user unfriendly. Contacting CloudFlare is almost not worth it.
I haven't received such spam, and I haven't researched the issue, but I'll share my thoughts. It sounds like the spam is being sent from spammers who are using Cloudflare services, not from Cloudflare itself. Cloudflare is known to support free speech rights and provide services to controversial web properties and organizations. If Cloudflare's support pages haven't worked for you, you can try contacting CloudflareHelp on Twitter.
You mention that it is common knowledge what CloudFlare is doing and it does not sit well with the majority of service providers. I'm interested to learn more about this. Are you able to share any links that I can reference?
After looking at the ratio of spam reports from me to Spamcop I did a search on the Internet and this is a partial list of what I found:
https://tacit.livejournal.com/595116.html
https://suespammers.net/cloudflare-com-hosting-spammers/
https://www.spamhaus.org/sbl/listings/cloudflare.com
Thank you for the info. Those posts confirm what I suspected: the spam is being sent from spammers who are using Cloudflare services, not from Cloudflare itself. Unfortunately, because of Cloudflare's stance on free speech, many nefarious individuals and organizations use their services. However, that doesn't undermine the fact that legitimate website owners can also benefit from Cloudflare's services.
I have just received another spam from yandex.net and xteknoloji.net which was 'relayed' by CloudFlare. This has been going on for almost a month and before that it was ch-center.com and dotrotelecom.ro that was 'relayed' by CloudFlare. How long does it take for CloudFlare to respond? Every instance of spam was reported to CloudFlare together with the site that is actually sending the spam.
---------------------------------------------------------------------------------------------------------------------
[spam message details removed]
-----------------------------------------------------------------------------------------------------------------------
No wonder that this is the talk that is going on:
https://forums.yahoo.net/t5/Inbox-Management/CLOUDFLARE-SPAM-ISSUE-and-WHY-Tolerated/td-p/421012
https://www.spamtitan.com/web-filtering/cloudflare-ipfs-gateway-phishing-forms-fool-users-with-valid-ssl-certificates/
https://wordtothewise.com/2012/07/cloudflare-and-spamhaus/
We know that CloudFlare does not send the spam originally but 'relays' the spam. It is no use repeating it. The fact is that CloudFlare extends services to spammers and, when the spammers are reported to CloudFlare, CloudFlare does nothing about it.
CloudFlare must change its operation or CloudFlare is going to be shut down.
Sent today. CloudFlare is still extending services to these spammers. CloudFlare has a strange idea of 'free speech'.
Spam report id 6889169534 sent to: [email protected]
Spam report id 6889169535 sent to: [email protected]
Spam report id 6889169536 sent to: [email protected]
Todays report:
Spam report id 6889893618 sent to: [email protected]
Spam report id 6889893619 sent to: [email protected]
Spam report id 6889893620 sent to: [email protected]
Gerard, what is your reason for posting these reports here? I'm sure Cloudflare doesn't read this blog, and I don't have any affiliation with Cloudflare, so there's nothing I can do. Please help me understand what you hope to accomplish.
Forgive me Chad, because the article above is so heavily in favor of Cloudflare, I mistakenly thought that it was written by someone who was associated with Cloudflare.
Do not sell yourself short, Cloudflare probably has a person or panel of persons whose only job it is to report any and all negative comment about Cloudflare.
What do I hope to accomplish? I want to add my voice to the people who are sick and tired of spam and those organizations who support spammers. Unfortunately my view is that Cloudflare is among those organisations who support spammers.
On Thursday 12/20/18 I received another lot of spam from xteknoloji.net and yandex.net that was 'forwarded' by Cloudflare. Until they react faster or change their model, they must expect the negatives to continue.