Cloudflare is a popular content delivery network (CDN), caching, and protection service. It can be used with WordPress and is compatible with Jetpack. Unless manual adjustments are made, Cloudflare is configured to work with Jetpack.
To get started, you’ll want to followthe instructions to add your site to Cloudflare.
Please note that per our Scope of Support we are unable to assist with configuring Cloudflare.
Optimize your Site to Work with Cloudflare
The steps below help to ensure that your site is optimized to work well with Cloudflare.
Create a PageRule to exclude WordPress’ dashboard from Cloudflare.
While Cloudflare is useful for your readers, you do not need to use it for your site’s dashboard. It may in fact cause some issues. Luckily, you can set up rules so Cloudflare ignores your site’s dashboard.
- Go to “Rules” in your Cloudflare dashboard.
- Under “Add New Rule”, enter the following:
*yoursite.com/wp-admin* - Make sure caching, apps, and performance are disabled.
- Save your changes.
Use Cloudflare’s SSL certificate on your site:
- Under the SSL/TLS menu, enable one of Cloudflare’s SSL options: Flexible, Full, or Full (strict).
- Wait for the changes to be available on your site.
- Install and activate the Cloudflare plugin.
- Install the Cloudflare Flexible SSL plugin to avoid running into Redirect loop issues in your dashboard.
- Enable Administration over SSL (reference) by adding the following to
wp-config.php:/** * Admin over SSL */define('FORCE_SSL_ADMIN', true); - Set the port to 443 by adding the following to
wp-config.php:/** * Set port to 443 */$_SERVER['SERVER_PORT'] = 443;
- Under Settings > General in your dashboard, change both your site address and WordPress address to use HTTPS.
- In your Cloudflare settings, create a Page Rule to redirect all traffic from HTTP to HTTPS.
You should then be all set, now install the Jetpack plugin!
Pause Cloudflare
For testing purposes, you can temporarily pause Cloudflare by:
- Going to the Overview tab in the Cloudflare dashboard.
- At the bottom right of this page there is a link under Advanced Actions .
- Click Pause Cloudflare on Site
More information is in this Cloudflare article.
Jetpack Backup and Cloudflare
If your site uses Cloudflare and Jetpack Backup, you will need to use your server’s IP address for your hostname when adding the server’s credentials. You can get this from your hosting provider.
Allowing Jetpack IPs in Cloudflare
Jetpack communicates with your website through the secure use of your xmlrpc.php file. By default, Cloudflare blocks all non-Jetpack access to this file and serves an HTTP 403 Forbidden message. This is designed to block access to that file by unwarranted users.
Cloudflare has settings in place to make sure that Jetpack requests to the xmlrpc.php file are allowed to pass through their firewalls and protection services. This means you should not have to manually configure access for Jetpack through Cloudflare.
However, this behavior can be adjusted and there may be situations where Cloudflare is configured to block access to xmlrpc.php. In these cases, you will need to follow this guide to allowlist Jetpack’s IPs.
Troubleshooting Jetpack and Cloudflare
- Hosting issues: Allowlist your IPs
- Cloudflare’s Rocket Loader incompatibility
- Understanding Cloudflare gRPC support
- Jetpack Backup: security and proxy settings
- Issues with Jetpack Boost: The score calculation is timing out
