Why Cloudflare is Now REQUIRED For Every Site I Host (Cloudflare Overview)

April 9, 2025

I’m now requiring all of my hosting and management clients to run their DNS through Cloudflare. There are several reasons for this—primarily security, performance, and the deep integration with my new preferred hosting method, CloudPanel.

In this post, I’ll walk you through the key benefits and show you how things work inside of Cloudflare. Everything I’m showing here is completely free to use.

Setting Up Cloudflare

Inside the Cloudflare dashboard, go ahead and add your site. The setup is simple:

  • Add your domain
  • Select the free plan
  • Switch your name servers

Other than a couple of tweaks I'll talk about near the end of this article (and the video), I typically leave most settings at their defaults, since Cloudflare works great out of the box.

Cloudflare as a CDN

At its core, Cloudflare is a CDN (Content Delivery Network). It creates cached versions of your website across Cloudflare’s global network. When a visitor comes to your site, they’re often served a cached version from the closest geographic location, reducing server load and speeding up your website’s loading time.

Here’s what that looks like in my Cloudflare analytics:

  • In the last 7 days, my website received 62,000 requests.
  • Out of those, 38,000 were served directly by Cloudflare’s cache.

That means over half of my site’s traffic didn’t even touch the server, freeing up resources for other processes and improving performance across the board for every site on the server.

Global Reach

Cloudflare also gives you a visual overview of where your traffic is coming from. In my case, visitors come from all over the world—United States, Germany, Australia, and more. With Cloudflare, they all experience fast load times regardless of location.

Free SSL Certificates

Another major benefit is SSL. Cloudflare provides free SSL certificates, and with end-to-end encryption, your site stays secure from the browser to Cloudflare and from Cloudflare to your server.

Here’s how it works:

  1. Edge Certificates handle browser-to-Cloudflare encryption automatically.
  2. For Cloudflare-to-server encryption, I generate an origin server certificate and install it in my hosting control panel (in this case, CloudPanel).

This might sound more complex than it is, but it’s not difficult at all. In CloudPanel, you just drop in two bits of code provided for you and SSL install is done. Other hosting panels may automate this even further.

And since Cloudflare handles all ends of the SSL tunnel, in my case, I don’t need Let’s Encrypt at all (though LE is great!)

Blocking All Non-Cloudflare Traffic

One standout security feature in CloudPanel is the ability to block all traffic except that which comes through Cloudflare. This provides a strong layer of protection, ensuring only authorized traffic can reach your server.

How It All Works: Proxying Through Cloudflare

All of these benefits – CDN, SSL, enhanced security – are made possible by enabling the proxy option in your DNS settings on Cloudflare.

When you proxy your A records, all traffic flows through Cloudflare before hitting your server. This unlocks all the magic we’ve discussed.

Fast DNS Propagation

Cloudflare also shines when it comes to DNS propagation speed. It’s blazing fast, much faster than most registrars, even GoDaddy, which admittedly is quite fast too.

For example, when I add DNS records for a tool like SMTP2GO (for transactional email), I often see all the records verify within seconds. No more waiting around for hours.

Cloudflare also offers advanced features like CNAME flattening, which other providers often don’t support. I’ve covered that in another video on my channel if you want to learn more: https://jonathanjernigan.com/this-is-the-best-way-to-manage-dns-for-all-your-clients/

Built-In Firewall with Custom Rules

The biggest reason I require Cloudflare DNS for all sites is inside the Security tab, specifically the Web Application Firewall (WAF).

I’m using five pre-configured firewall rules created by Troy Glancy. These rules apply different layers of protection before traffic even reaches your website.

Troy’s website and the source of these WAF rules: https://webagencyhero.com/cloudflare-waf-rules-v3/

Here’s a quick overview:

  • Good bots (like search engines) are allowed through.
  • Managed Challenges are issued to suspicious traffic, requiring confirmation (like a simple CAPTCHA). If they fail, they’re blocked.
  • Aggressive crawler blocks target bots you may not want (like Yandex or SEMrush).
  • ASN and country-based rules block traffic from datacenters (e.g., Google Cloud or AWS) or restrict access to only specific countries.
  • Blocking WP login attempts with a managed challenge. For example, over the last 24 hours, 74 login attempts hit my site, but only one (me) succeeded.
  • Full blocks on things like XML-RPC, Tor exit nodes, and unnecessary external access to sensitive files like wp-config.

These rules drastically reduce spam and malicious traffic. In most cases, just setting the country rule immediately stops contact form spam, which is a massive life-saver when you get that message from a client saying they’re being spammed. Flip on these WAF rules and then go enjoy your dinner.
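To check from the server side that both the Cloudflare-only restriction and the edge blocks described above are holding, here is an added example (not from the video, CloudPanel, or Troy's rule set) that audits an nginx access log. It assumes the default "combined" log format with the TCP peer address in the first field, and the range list is a partial snapshot of Cloudflare's published ranges; the log lines are constructed.

```python
import ipaddress
import re

# Assumption: partial snapshot of Cloudflare's published ranges. Refresh from
# https://www.cloudflare.com/ips-v4 and https://www.cloudflare.com/ips-v6.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "103.21.244.0/22", "104.16.0.0/13",
    "172.64.0.0/13", "2400:cb00::/32")]

# Paths the WAF overview above lists as fully blocked at the edge.
EDGE_BLOCKED = ("/xmlrpc.php", "/wp-config.php")

# nginx "combined" log line; the first field must be the TCP peer address.
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')

def from_cloudflare(peer):
    """True if the peer address falls inside a listed Cloudflare range."""
    try:
        addr = ipaddress.ip_address(peer)
    except ValueError:
        return False
    return any(addr in net for net in CLOUDFLARE_NETS)

def audit(lines):
    """Return (line_no, finding, detail) for each request worth a look."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = LINE_RE.match(line)
        if not m:
            findings.append((n, "unparsed", line[:40]))
        elif not from_cloudflare(m["peer"]):
            # Direct hit on the origin: was it answered or refused?
            kind = "bypass-served" if m["status"][0] in "23" else "bypass-denied"
            findings.append((n, kind, m["peer"]))
        elif m["path"].split("?", 1)[0].lower().endswith(EDGE_BLOCKED):
            # Came through Cloudflare, but the edge rule did not stop it.
            findings.append((n, "waf-gap", m["path"]))
    return findings

# Constructed sample log; non-Cloudflare peers use documentation addresses.
SAMPLE = [
    '172.64.10.5 - - [09/Apr/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.9 - - [09/Apr/2025:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 200 3100 "-" "-"',
    '198.51.100.7 - - [09/Apr/2025:10:00:02 +0000] "GET / HTTP/1.1" 403 150 "-" "-"',
    '104.16.1.1 - - [09/Apr/2025:10:00:03 +0000] "POST /xmlrpc.php HTTP/1.1" 200 400 "-" "-"',
    '2400:cb00:12::1 - - [09/Apr/2025:10:00:04 +0000] "GET /about/ HTTP/1.1" 200 900 "-" "-"',
]
```

A `bypass-served` finding means the origin answered a request that never passed through Cloudflare, so none of the WAF rules applied to it; `waf-gap` means a path that should be blocked at the edge still reached the server.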

Final Thoughts

These are the key reasons why Cloudflare is now required for every client I host:

  • Global CDN
  • Free SSL with end-to-end encryption
  • Fast DNS propagation
  • Full integration with CloudPanel
  • A powerful, customizable web application firewall

If you want to learn more about CloudPanel, check that out here: https://jonathanjernigan.com/cloudpanel-mastery/

Thanks for reading!
