Getting the Most Out of Cloudflare – The First Things New Users Need to Do

Getting the Most Out of Cloudflare – The First Things New Users Need to Do

Carl Taylor | October 17, 2022

With the increasing threat of cybercrime, security solutions have become more sophisticated. And Cloudflare is one of the best cybersecurity options that you should consider.

The global pandemic introduced many disruptions and complications not necessarily connected with health risks. Besides economic hardships, the crisis also had an impact on cybersecurity.

In particular, phishing has been on the rise.

To be precise, cybercriminals started emailing people posing as various health organisations. The emails in question contained links or attachments designed to introduce malicious software – most often malware or ransomware – if opened or downloaded.

These attacks have become widespread. The number of phishing and other malicious interactions has grown steadily in the past decade. Cyberattacks, in particular, have increased sevenfold since the onset of the pandemic.

To make matters even more perilous, the repertoire of online risks has widened considerably. Private and business accounts today need to repel spambots, trojans, spyware, and a sleuth of other issues.

Furthermore, while Windows and Android platforms continue to be the most exposed to malicious software, the dangers for iOS devices have increased as well.

Every week, nearly 20 million sites get infected with a form of malware, with financial institutions being regular targets.

In other words, the need for increased cybersecurity is greater than ever.

If your business is running a website – and it most likely is – you’ll need to do everything in your power to protect it from rampant malicious elements.

Luckily, Cloudflare might be the solution you need.

This article will introduce the tool as a potent cyberattack remedy and explain how you can set it up to make your website safer.

Introducing Cloudflare

Cloudflare is designed to provide exceptional security and reliable performance for websites, apps, and APIs. The platform does all that by unifying integrated solutions and leveraging a cloud network spanning hundreds of countries and cities.

The protective functions of CloudFlare include firewalls, VPNs, rate limiting, protection from DDoS attacks, bot management, and other essential and more refined cybersecurity protocols.

At the same time, the platform provides optimisation for mobile, state-of-the-art routing, and image, video, and cache support. These features make Cloudflare extremely reliable with an immensely positive impact on the performance of your online assets.

While Cloudflare is relatively straightforward to set up and configure through the comprehensible dashboard, much of its strength comes from programmable features. This means that using the platform to its full potential comes with a learning curve that might prove too steep for beginners.

In the following section, we’ll go through the essential first steps that will help you make the most out of Cloudflare.

Your First Steps on Cloudflare

The following list of tasks to complete when starting with Cloudflare will allow you to begin using the platform without issues. While these tasks aren’t overly complex, they can be overwhelming if you lack experience.

So, if you need additional help completing the Cloudflare setup, know that Automation Agency can assist you in integrating the platform into your business.

Step #1. Check Your DNS Records

Cloudflare resolves DNS by design, but the platform only does so for subdomains that count toward web traffic. In other words, subdomains such as blogs and “www” addresses are covered.

On the other hand, Cloudflare won’t proxy subdomains like mail, FTP, and wildcard subdomains. But that doesn’t mean the platform won’t be able to take care of them – it will only take some additional actions.

If you want to add alternative subdomains to the DNS records or edit the existing ones, you can do that manually through the integrated DNS settings. As soon as you add the subdomains you want, Cloudflare will start protecting and accelerating them.

Step #2. Create Some PageRules

Creating additional PageRules can open a variety of options to configure your pages further and boost their performance.

Essentially, the function of PageRules is described in the very name. You can set up particular rules that determine how Cloudflare behaves on specific pages, which can be very helpful in certain cases.

For example, you might want to customise which HTML content gets cached or even exclude URLs from caching altogether.

One of the elements of your website that would benefit from such exclusions would be the admin section. Excluding this section will remove any potential plugin update issues and error messages.

Step #3. Activate CloudFlare’s Automatic Optimisations

Cloudflare comes with excellent automatic options to boost performance, which all users should take advantage of right from the start.

The platform will recommend some handy optimisations once you launch it. In particular, you’ll be able to turn on two options from the get-go: one allows HTTPS use, while the other reduces page loading time.

Furthermore, you can enable Brotli compression to decrease load times even more. This option is available from the optimisation settings.

The same menu also contains the Rocket Loader toggle options, which will boost pages that use JavaScript.

Step #4. Whitelist All CloudFlare IP Addresses

Whitelisting Cloudflare IP addresses will allow traffic from those addresses to come through while blocking anything else. This feature is particularly important in terms of cybersecurity since it will prevent crawlers and other potentially malicious pieces of code from accessing your website directly.

By using this option, you’ll keep the content about your hosts and IP addresses hidden from cybercriminals. In fact, if you don’t whitelist your Cloudflare IP addresses, you might leave the website open to two types of attacks.

First, attackers can use Shodan to find your servers and IP addresses. Shodan is a search engine that looks for devices connected to the internet and can reveal sensitive information with the right query.

Second, your website might come under attack through information gathered via Project Sonar. This is a tool that scans the online environment ports and collects response data. As a result, it can deliver all the datasets from your website.

Step #5. Change the VHOST Default

If you want to ensure the anonymity of your servers, it would be best to change the VHOST default setting to a placeholder that isn’t directly related to your website.

Once you change this setting, the new page will serve as an IP access point instead of the protected webpage. This is particularly useful when it comes to scanners that index websites since they gain access primarily through the IP address.

In other words, your pages will stay hidden from potential attackers for longer.

Step #6. Spend Time With the Settings Page

Cloudflare offers a wide variety of optional features that can play a crucial role in the security and functionality of your website. However, to access those features, you’ll need to get familiar with the platform’s settings.

We’ve already mentioned one of the key options that exist on the settings page, which is Rocket Loader. But there are other settings that will prove just as useful.

Depending on your preferences, you might also want to tweak your security level. It’s set to medium by default, and you can change it to high or low, or even turn security off completely.

Another feature is the Development mode. It allows you to change images, CSS, JavaScript, and other static files and determine which will load first upon accessing your site.

You can also clear all the static files from Cloudflare by using the Purge Cache option.

Of course, certain settings will be more advanced than others, and using them will require you to understand precisely what you’re changing. If you’re unsure about the consequences of tweaking a particular setting, it would be best to leave it at default.

Step #7. Integrate Relevant Tools Via the Cloudflare App Store

In addition to the integrated features, CloudFlare can expand its functionality through additional applications. The platform has partnerships with numerous apps and services, making it easy to integrate these tools seamlessly.

Such tools include popular services like Google Analytics, which can be made available on every page of your website. Other popular options are CodeGuard, a website backup solution, VigLink, which allows you to monetise your content, and Highlight, a one-click contextual search tool.

Exploring the additional tools will help you tailor your Cloudflare platform to your specific needs. If you leverage the integrations on offer, you can create the ideal environment for your website.

Step #8. Conduct Performance Checks

Even if you feel completely confident in how you’ve set up Cloudflare, performance checks will still be a must. After all, only a thorough check will confirm that all the features are functioning as intended and reveal potential shortcomings.

When checking different website metrics, the response time will require particular attention. This metric represents a more complex and broader version of load time. It would be best to aim for the shortest time possible in both cases, with load times of two seconds or lower being ideal.

You can use a tool like Blazemeter to test how your website performs with Cloudflare. For comparison’s sake, you should test the site in its vanilla state first, i.e., without the service running. In most cases, the response time should improve once Cloudflare is activated.

Step #9. Adhere to Website Security Best Practices

It’s possible to maximise the cybersecurity aspects of Cloudflare through several additional actions.

For instance, you can set your email to run on a separate service or server, change the IP address of your server after migrating to CloudFlare, or ensure unused DNS records are removed.

Different types of DDoS and brute force attacks can be prevented through rate limiting while tweaking the WAF settings will put a stop to dynamic attacks.

Finally, your logs will display the original IP address for visitors, letting you know who accessed your website.

Boost Speed and Security

If used correctly, Cloudflare can be a powerful tool both in terms of cybersecurity and website performance.

The service is designed with seamless functionality in mind, although some of the most potent features might be a bit too advanced for beginners. That’s why if you need assistance in setting up Cloudflare to fit your exact needs, Automation Agency can help.

Our Concierge Service can work with you throughout the process to provide the precise results you want. Don’t hesitate to reach out and have our team enable Cloudflare for your website with optimal effectiveness.

About the author 

Carl Taylor

Carl Taylor is the Founder & CEO of Automation Agency. For the past 10 years Carl has been building businesses and marketing them online through the use of Sales Funnels, Email Marketing Automation, Landing Pages, and Wordpress Websites. Carl is also a #1 author and highly sought after speaker and consultant whose work has impacted thousands of businesses across various industries worldwide.

{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}