Cloudflare's free plan gives your WordPress site a global CDN, DDoS protection, and a free SSL certificate, and setup takes about 20 minutes. For most small-to-medium sites, Cloudflare free is better than any paid CDN you could buy for under $20/month. Here's the complete setup process, what to configure once you're in, and the common mistakes that cause problems.
The free plan is not a stripped-down demo, it's a genuinely capable product. It includes a CDN with 300+ edge locations globally, unmetered DDoS mitigation (no bill shock from attack traffic), a free SSL certificate, automatic caching for static assets, traffic analytics, and a Web Application Firewall (WAF) with basic managed rules. For sites with global audiences, the CDN alone meaningfully reduces load time for visitors far from your origin server.
Paid Cloudflare plans (Pro at $20/month, Business at $200/month) add more WAF rules, image optimisation, more Page Rules, and better bot management. For most WordPress sites, free is the right starting point. You can always upgrade later if you need the additional protection or analytics granularity.
Go to cloudflare.com and create a free account. Click "Add a Site," enter your domain name, and select the Free plan. Cloudflare will scan your existing DNS records automatically and import them. This automated scan catches most records correctly, but verify every one carefully before proceeding, particularly MX records (email routing), SPF and DKIM TXT records, and any CNAME records for subdomains.
Cross-reference the imported records against a screenshot or export from your current DNS provider. A missing MX record means email stops working when you switch nameservers. A missing CNAME for a subdomain means that service breaks. Taking five minutes to verify now saves hours of troubleshooting later.
Cloudflare will give you two nameserver addresses (something like alice.ns.cloudflare.com and bob.ns.cloudflare.com). Log into your domain registrar and replace the existing nameservers with these. The process varies by registrar but is typically under Domain Settings or DNS Management.
DNS propagation for nameserver changes typically takes between 15 minutes and a few hours, though it can occasionally take up to 24 hours. Cloudflare will send you an email once they've confirmed the nameserver change is active. Until then, your existing DNS keeps working, there's no downtime gap between old and new nameservers.
This is the most commonly misconfigured setting and it causes either broken sites or insecure connections. In the Cloudflare dashboard, go to SSL/TLS and look at the encryption mode. The options are Off, Flexible, Full, and Full (Strict).
Set it to Full (Strict) if your origin server has a valid SSL certificate, which it should on any reputable host in 2026. Full Strict means the browser-to-Cloudflare connection is encrypted and the Cloudflare-to-origin-server connection is also encrypted with a certificate that Cloudflare validates. Never use Flexible mode: it means your server is sending content to Cloudflare over an unencrypted HTTP connection, which defeats the point of HTTPS. If you're getting SSL errors after setup, it usually means your origin server doesn't have a certificate installed, fix that at your host first, then switch to Full Strict.
In Caching › Configuration, set the caching level to Standard. Under Browser Cache TTL, set it to at least 4 hours, longer for sites with infrequently changing static assets. Enable Brotli compression under Speed › Optimization (Brotli compresses files more efficiently than gzip and is supported by all modern browsers). Also enable Auto Minify for HTML, CSS, and JavaScript if you're not already minifying at the server level.
If you're running LiteSpeed Cache on your server, the integration with Cloudflare is particularly clean. LiteSpeed Cache's Cloudflare extension can automatically purge the Cloudflare cache when you update content in WordPress, so you don't have to manually clear cache after publishing posts or pages. Set this up in the LiteSpeed Cache plugin settings under the CDN tab.
WordPress has pages that must never be served from cache: the admin area, login page, WooCommerce cart and checkout, and any user-specific pages. If Cloudflare caches these pages, users see each other's sessions or get stuck on stale versions, a serious security and functional problem.
Create Cache Rules (previously Page Rules) to bypass caching for these paths. Go to Caching › Cache Rules and create rules for: /wp-admin/*, /wp-login.php, and if you have WooCommerce: /cart*, /checkout*, /my-account*. Set each to Cache Level: Bypass. Free plans include enough rules to cover these essential exclusions.
Under Speed › Optimization, review these settings: Rocket Loader (defers JavaScript loading, can cause issues with some plugins, test before enabling), Early Hints (speeds up resource loading for returning visitors), and HTTP/2 (enabled by default, ensure it's on). Under Network, enable HTTP/3 with QUIC, this is the modern transport protocol that reduces latency for mobile users especially.
If you're on the free plan and want image optimisation, Cloudflare's Polish and Mirage features are paid. The equivalent for free users is to optimise images before upload using a plugin like Imagify or Smush, and to serve WebP images through your server-side caching plugin. Cloudflare free still handles compression and CDN delivery efficiently, you just handle image format conversion at the WordPress level.
Test your site with GTmetrix or PageSpeed Insights immediately after setup. Check for a cf-cache-status: HIT header on cached pages (view in browser dev tools under Network › Headers), this confirms Cloudflare is serving assets from cache rather than hitting your origin server every time. Verify that admin pages are not cached by checking that cf-cache-status shows BYPASS on /wp-admin/.
If you make design changes and visitors report seeing the old version, use Cloudflare's Purge Cache button under Caching › Configuration to clear all cached assets immediately. For routine content updates (new blog posts, product changes), your LiteSpeed Cache integration should handle cache purging automatically.
HostBible's LiteSpeed stack integrates cleanly with Cloudflare CDN. Use Cloudflare as your front-end CDN layer on top of a fast LiteSpeed origin for maximum performance gains.
View Hosting Plans