WordPress web application firewall (WAF) rulesets
Automatic cache purge on website updates
One-click application of WordPress-optimized settings is the easiest way to setup Cloudflare’s performance and security on your WordPress site.
Cloudflare’s web application firewall (WAF), available on all of Cloudflare’s paid plans, has built-in rulesets specifically built to mitigate against WordPress threats and vulnerabilities. Cloudflare’s WAF provides confidence that your website is always protected, even against the latest threats and vulnerabilities targeting WordPress websites.
Cloudflare’s plugin for WordPress automatically refreshes the Cloudflare cache upon making changes to your website appearance. This means that you can focus on your website, while we take care of ensuring that the freshest content is always available to your visitors.
Automatic HTTPS Rewrites safely eliminates mixed content issues on your WordPress website, while enhancing performance and security by rewriting insecure URLs dynamically from known (secure) hosts to their secure counterpart. By enforcing a secure connection, Automatic HTTPS Rewrites enables your WordPress website to take advantage of the latest security standards and web optimization features only available over HTTPS. The Automatic HTTPS Rewrites toggle can be found in the dashboard of Cloudflare's plugin for WordPress.
Cloudflare's plugin improves SEO for WordPress thanks to performance and security improvements. Google has announced that they prioritize fast-loading pages as well as pages using security features like SSL in their search algorithm.
Cloudflare offers free SSL certificates for WordPress users. With SSL for WordPress you can secure data being transferred between your website and your visitors. Secure websites are looked positively upon by both users and search engines.
Distributed denial-of-service (DDOS) attacks are among the most common threats to websites. Enabling Cloudflare's free DDoS protection for WordPress uses tools like rate limiting to protect your website from attackers.