Performance & Reliability
CDN DNS Argo Smart Routing Load Balancing Web Optimizations China Network
Video Streaming & Delivery
Cloudflare Stream Stream Delivery
Advanced Security
DDoS Protection WAF Bot Management Rate Limiting SSL / TLS DNSSEC Cloudflare Access Cloudflare Spectrum Argo Tunnel
Insights
Analytics Cloudflare Logs
Cloudflare for Developers
Cloudflare Workers Cloudflare Workers KV Mobile SDK
Domain Registration
Cloudflare Registrar
Cloudflare Marketplace
Cloudflare Apps
Cloudflare for Everyone
1.1.1.1
Performance
Accelerate Internet Applications Accelerate Mobile Experiences Ensure Application Availability
Security
Mitigate DDoS Attacks Prevent Customer Data Breaches Stop Malicious Bot Abuse
Industries
Gaming SaaS eCommerce Publishers Public Sector Public Interest Groups State & Local Government
Partnerships
Partner Program
Solutions Partners
Services Program
Technology Partners
Peering Portal Bandwidth Alliance
Integrations
IBM Cloud WordPress Google Cloud Magento Acquia Rackspace Microsoft Azure Kubernetes WP Engine
Develop
API Guide Developer Hub Developer Fund Documentation
Explore
Case Studies Analysts Cloudflare in China Network Map Webinars Product Updates White Papers GDPR
Learn
DDoS Learning Center CDN Learning Center DNS Learning Center Security Learning Center Performance Learning Center Serverless Learning Center SSL Learning Center Bots Learning Center
Connect
Blog Contact Sales Community Support
Contact
Advanced Cloudflare Configuration
Explore Cloudflare API v4 Expose a Secure Local Tunnel Configure with Terraform Documentation
Customize Your Site
Customize Using Workers Altering Headers Conditional Request Routing A/B Testing Browse All Code Snippets
Build Serverless Applications
Deploy Using Workers.dev Get Started with Tutorials Clone Examples on GitHub

Security

Your Cloudflare Business Plan comes with protection from DDoS attacks, data breaches, and bot attacks.

Turning on Security

Switch on these features to make your site more secure today.

DDoS Protection

Use Cloudflare to protect your presence from DDoS (Distributed Denial of Service) attacks, no matter the size.

Enabled

Review SSL

Review this option to ensure this the right setting for your site. We recommend configuring “Full SSL” for advanced security.

Review SSL

Always use HTTPS

Make sure your visitors are always visiting an encrypted page by redirecting all requests with “http” to “https”.

Turn on

Available with Pro and Business Plans

Web Application Firewall OWASP Rules

Turn on to protect your site from the Top 10 common OWASP identified threats; these account for roughly 12% of all attacks including cross-site scripting and SQL injection.

Turn on

Web Application Firewall Cloudflare Rules

Turning on Cloudflare Rulesets protects an additional 86% of attacks that Cloudflare has identified. These rules continuously evolve to protect you from the latest threats.

Turn on
Learn more about your security settings. Configure Advanced Settings
We love the peace of mind that we get knowing that we can set up Cloudflare, forget about it, and trust that we won't be affected by any kind of malicious DDoS attack.
Lee McNeil,  CTO at Buycraft

Basic Setup Complete!

Next: Learn how to configure advanced settings to get the most out of your plan

General Security Guidelines

To provide you with the best possible experience on our website, we may use cookies, as described here.
By clicking accept, closing this banner, or continuing to browse our websites, you consent to the use of such cookies.