Cloudflare seems to be more and more popular nowadays. It seems everyone is using it. But the question is: should YOU use Cloudflare?
I go over Cloudflare’s most common service offerings and why you should (or shouldn’t) use them.
- Most popular services and features.
- Best use cases.
- Scenarios where Cloudflare might even decrease your website performance.
As with anything, the answer is IT DEPENDS…
Cloudflare offers 3 main services (all FREE, and all based off their core DNS service):
- DNS management – faster DNS resolution for your domains. Easier DNS management with a clean UI and ability to invite others to manage your DNS records.
- Performance (their “CDN” component) – can cache static site assets (such as images, CSS, JS, fonts, etc) and serve them from proxy servers closer to visitors, apply intelligent page rules at the DNS level (imagine a faster/more-powerful but also less-techy version of htaccess redirects), optimize site assets (compress, minify, etc), and even do full page caching.
- Security – intelligent firewall to block bots and hackers from attacking your sites. Also SSL management and other security configuration options.
As a quick note, their core service is the DNS service. And then if you enable their proxy…you get the proxy features such as PERFORMANCE & SECURITY.
Cloudflare also offers 3 main PREMIUM services (also based off their core DNS service):
- premium DNS (performance) – Argo routing, supposedly it helps users reach your site faster (because of faster DNS lookups). I think this difference is minimal or unnoticeable (if any) for most.
- premium CDN features (performance) – more options for speeding up your site. Things like Railgun. More speed control. More page rules for intelligent rewriting. Most people don’t need it.
- premium firewall features (security) – if you pay more, they give you extra security like protection against DDOS layer 7 attacks. Most people don’t really need this level of protection.
Common questions about Cloudflare services:
So all I need is the FREE plan? It’s not worth it to pay more?
- Exactly, the FREE Cloudflare plan is enough. You can pay more but you probably won’t notice any difference. I’m as much of a speed fanatic as any and I don’t use Cloudflare’s paid plans.
How does Cloudflare help speed up websites and servers?
- It speeds up websites by loading your static assets faster. (Faster website load times for visitors.)
- It prevents unwanted traffic (like bots and hackers) from reaching your server. (Decreasing server load and helping you from hitting resource limits with slower/limited servers.)
- Cloudflare can make it harder for DDOS attacks to reach your server.
What’s the point of having Cloudflare if you already have fast webhosting?
- Cloudflare’s DNS management tools area really awesome and convenient for troubleshooting DNS issues or simply for migrating sites to new servers without any downtimes. Basically, it’s not only super easy DNS management but also really fast DNS propagation; Cloudflare propagates new DNS within itself in only minutes whereas without might take you at least several hours. It’s really handy when you need to redirect your domain to a new server IP without waiting hours for propagation; typical use cases are during migration or to mitigate downtime.
- And then if you ever want to add Cloudflare’s CDN for performance or security features, it’s only a click away.
- There’s also the benefit of allowing other users to manage your DNS without having to give them critical registrar or webhosting credentials.
Does Cloudflare actually provide a noticeable speed improvement?
- Cloudflare performance proxy is faster in some regions and not so fast in others. Using Cloudflare DNS-only and not its “CDN” features will give you faster DNS times than if you enable their CDN. (NOTE: you can enable/disable their performance features by toggling either ORANGE or GREY cloud from the DNS settings.)
I highly recommend using Cloudflare for DNS management no matter what (easier DNS management, and faster DNS lookup). But deciding whether or not to activate their “CDN/SECURITY proxy” completely lies in their benefit to you.
General principles:
- If enabling their CDN adds 100ms of DNS lookup time but only decreases your asset load time by 50ms, the obvious answer is not to use it.
- The more local traffic you have (where visitors are close to your web-server), the more likely your site will load faster without Cloudflare’s CDN features. Cloudflare CDN’s features tend to help more with far-away visitors.
- Cloudflare’s security features may also have an effect on performance. For example if your site is regularly bombarded by bots and spammers, having Cloudflare’s CDN (and thus security features enabled) can actually decrease your server load.
- If you don’t have much traffic to even keep Cloudflare’s cache warm, your visitors will actually notice slower speeds as their requests now have to pass through one extra proxy.
Will having Cloudflare allow your server to handle more visitors and higher traffic loads?
- Cloudflare does help decrease your server load and allow you to handle more visitors but not always as much as you think.
- Sites with millions of hits may notice a 50% server savings whereas sites with only 10k hits may only notice a 10% server savings.
- Some assets are also easier to serve via Cloudflare than others.
Should I use Cloudflare’s premium ARGO Smart Routing feature?
- No, it’s not worth it to me. It’s also expensive if you have lots of traffic. If you don’t even have far-away traffic, it’s pointless.
- Ok fine, if you have a million-dollar business and paying $20k/month to improve your DNS lookup by 40ms improves your sales by $70k/month…sure, then it would be worth it.
What do you think of Cloudflare’s new domain registration service?
- I’m skeptical because it sounds to good to be true. A no-markup registration that also comes with free domain privacy?
- But I have transferred domains over and have to say the hype is real!…Cloudflare has come out with another incredible service, all for free!
What should I do when I set up new Cloudflare accounts? What settings should I choose?
- Great question! I answer all that here in my Cloudflare (best settings) configuration guide.
How do I know whether the nearest Cloudflare proxy is close enough to make it worth my while?
- Read this great guide – The declining value of Cloudflare in Australia
- To see the which CF proxy serves your site, enter your domain name into the browser like this:
https://yourdomain.com/cdn-cgi/trace
Do I have to use BOTH Cloudflare’s CDN and Firewall? Can I use only their performance but not security features, or vice versa?
Unfortunately, no. This both a PRO and a CON to running everything off their DNS proxy. The pro is that it makes it easier (cheaper) for them to integrate more services for free and into one convenient place. The drawback is that you can’t cherrypick having only CDN features or only firewall features. If you activate the proxy, you have to get both. This can be an issue for those that want the CDN but hate their firewall causing problems and blocking real users. Or those who want the security but hate their CDN getting in the way of page load, etc.
With that said, there are still granular features within each and most people won’t have any problems but it’s up to you to test and see what fits you best.
Hi, Johnny!
Thank you again for great article!
I look forward to an guide about Cloudflare settings for WordPress.
Hello from Russia, brat!
Hi Johnny! How do you setup Cloudflare to manage DNS and turn off the CDN/Security proxy? I updated my nameservers to point to Cloudflare but paused the site from the Cloudflare dashboard.
In the DNS section I noticed a bunch of entries that say “Proxied” and have an orange cloud icon. Do I also need to go through each those and toggle them off so it’s just a gray cloud that says “DNS Only”?
Exactly, Randy. Put them on gray cloud.
Thanks again for the help!
Johnny what if I have a 6G firewall and FastCGI caching enabled at the server level (GridPane)? Isn’t it redundant and won’t CF firewall/caching interfere with that?
Yeah, deploying overlapping functions at different levels can cause issues or slow down traffic further. Imagine a bar where you security guards checking ID at both the front door and the bar.
In this specific case, it’s important to know how each firewall mechanism works and how they might interfere with each other. Cloudflare is a proxy so it gets to see real IP of all visitors. Your server firewall cannot see real visitor IP through Cloudflare (not with regular plans), so if you enable CF proxy and server firewall…the server firewall may block many legit visitors since all visitors (good or bad) come from same Cloudflare proxy IP. Does that make sense?
Thanks man, I see what you mean.
As for the WAF – “The GridPane stack comes with a built in Web Application Firewall built into the server that utilises the OpenResty Lua Just In Time Compiler. Basically, it is as performant as the Cloudflare WAF, primarily because they are using the same components… ie the Nginx Lua module.”
What would you do in that case – enable CF proxy and disable server-level one?
As for the caching, I’m not sure what to do. I got FastCGI rolling (sped up my site a lot, no need for any plugin – I tested them all with/without FastCGI/Redis). But with CF you get one more layer of caching, you said it’s not the best idea to have the same function overlapping over a bunch of layers. So would you disable FastCGI and again let (the free) CF do the work?
Thanks again brother,
I hope one day I can give back for everything I learned from you.
It’s really up to you and your needs. If you’re using Cloudflare proxy, then you should use their security as well. As much as I see the convenience in Cloudflare security, I think server security can be better because you have more configuration control. Again…depends on your needs. What you’re doing. What type of attacks you’re getting and how you like to deal with them….blocking, banning, threshold, limiting, etc.
Thank you for the nice comments. I’m grateful for your readership. 🙂
Hi,
Our website has 99% traffic from India only we have dedicated IP so what do you think will it help us or it may hamper ranking due to a multiple numbers of host over Cloudflare DNS?
Dedicated IP doesn’t matter so much anymore.
I don’t think it’s a big deal.
Hi Johnny,
I plan to use cloudflare on a domain that’s hosted on litespeed server.
Any complications using cloudflare with litespeed based server?
Shouldn’t be. You mayyyyy have to whitelist Cloudflare IP’s in LiteSpeed admin if you plan to use security functions and what not. But you most likely don’t have to do anything.