Essentially, it acts as a proxy between your site, and any remote requests – screening them for known threats and only letting through the good ones. It’s free, setup is relatively painless, and who can say no to free security protection?
Wait – what it is exactly, and how does it work?
All domains have a name-server (or two, actually) associated with them, and the purpose of the name-server is to redirect the domain to the IP address on which your website is held. So every request made to your site must pass through the name-server in order to reach your site. CloudFlare works by replacing your current name-servers with their own, and then filtering the requests made, thereby offering a layer of security which otherwise wouldn’t exist. You’d be forgiven for this would slow down your website, but that’s not the case. Unlike your regular name-servers that perhaps only exist in one physical location (where your site is stored), CloudFlare has a number of them situated globally, which has the added benefit of speeding up your initial site load time.
For a quick idea of what it does, let’s look at the stats for my site in one day alone:
You can see that out of around 1,500 recorded page views, 47 of those were from known security threats (such as attempts to perform an SQL injection on standard search forms, or scanning for known web server vulnerabilities).
In terms of a speed boost, CloudFlare also “saved” about 2/3rds of the requests made on my server, and prevented 130mb of unnecessary bandwidth waste. Clearly, these are not numbers to be laughed at and I can attest to the fact that my site is now noticeably faster. Even without the speed boost though, the security it adds is a great piece of mind.
I’m convinced, how do I get it?
In order to make use of CloudFlare, you’ll need to be able to edit the name-server settings for your domain. Even if you’re on shared hosting, you should be able to do this. I’ll show you quickly how this can be done on my favorite domain buying site, Go Daddy – but obviously you’ll need to check yourself if your domain was purchased elsewhere. Ask your hosting support if your domain and site hosting were purchased together, otherwise you’ll need to find out who has control of your domain (not your hosting).
After logging in through the main Go Daddy site, navigate from any of the top menu items to Go To -> Domain Management:
Next, choose your domain from the list, and the detailed view such as this should appear:
Notice the section labelled Nameservers. We won’t change anything now, but leave that tab open while you sign up for CloudFlare as you’ll need to change it soon.
Sign Up For CloudFlare:
Head on over to cloudflare.com and use the easy sign up form to create an account. Once you’ve logged in, you should be able to add a domain. Just type in your domain.
While CloudFlare investigates your current website automatically, you’ll see a 1 minute video explaining things. The setup really couldn’t be easier. On the next screen, you’ll be asked to check the DNS settings. To be honest, the defaults will work fine unless you have something weird like Google Apps installed on your domain, or already have a CDN setup. If you have no idea what I just said, the defaults are probably good!
The next screen is important, but I’ll summarize so you can skip through it. Basically, any requests to your main domain will be routed through CloudFlare. However, in order to allow you to continue to use FTP or SSH on your domain as normal, CloudFlare will automatically create a kind of “bypass” subdomain, which is direct.yourdomain.com by default. Once you’ve made the CloudFlare changes, just remember that from now on if you want to access your site through FTP, you’ll need to affix “direct” to start of the connection address.
Finally, you’ll be told exactly what to update your name server settings too. Go back to your domain control panel, edit the name servers, and be sure to copy and paste these replacement ones in exactly.
That’s it – not so difficult is it? I really must commend CloudFlare for explaining everything so well and making set up easy, because changing name servers and messing with CNAME DNS records is not something the average user would do. The fact that it auto-detects your existing settings quite well just makes the whole process painless.
On the free account, you’ll need to wait 24 hours for stats to be updated. After that, log in to your account, click on domain stats, and be prepared to see how vulnerable your site was before!
Anyone who hosts their own domain should sign up with CloudFlare now – and I can honestly say that the speed boost has had a pronounced effect on my site, and with the added bonus of bandwidth saved my hosting bill should be cheaper this month too. Let us know in the comments if you’ve tried out CloudFlare for your site. For even more of a speed boost, be sure to check out my tips on the most comprehensive WordPress caching plugin around W3 Total Cache and how to configure the basic settings.