CloudFlare is a service that makes websites load faster and protects sites from online spammers and hackers. Any website with a root domain (ie http://www.mydomain.com) can use CloudFlare.

CloudFlare offers security features - free and paid - that can further help you protect your website. We'll cover the key features customers care about the most below.

Basic Security Level (free to all customers)

CloudFlare’s Basic Security level uses data sources to identify potentially malicious visitors to your site by IP threat scoring. If the IP has recently shown problematic behavior online, including spam and attacks, then a visitor from that IP would receive a challenge page before they actually hit your website (this is also highly effective at stopping many botnet attacks).

Keep in mind:

A higher security level will lead to more challenges and possible false positives. We default all users to medium, but you can always turn this higher or lower in your security settings.

Pro tip: CloudFlare customers on a paid plan can customize CloudFlare error message pages.

CloudFlare’s Threat Control (free to all customers)

Many WordPress site owners just installed their WordPress site through a few clicks at a hosting provider. Many of these site owners do not know server commands that they can use to restrict access to their site through things like .htaccess, but CloudFlare’s Threat Control panel will let you do many of the same things that you would do in .htaccess through an intuitive interface that will let you either block or whitelist IPs.

Things you can do:

1. Block an individual IP

2. Block an IP range by CIDR (we currently support in /16 and /24 formats).

3. Block a country

Conversely, of course, you can also use Threat Control to whitelist IPs. If you know that a product or service you use to help run your site needs access to your site, such as a monitoring service or API call, then you should whitelist their IPs to make sure that they don’t get challenged.

Note: CloudFlare’s country block currently only throws a challenge page up for visitors from the region you blocked (not a full block). A human could still enter your site by passing the captcha, but the block is still highly effective at stopping most bots or botnets from wasting your site’s server resources or attacking you. You should use some care with using a country block, however, since you may inadvertently end up challenging a service with an IP address in that country block space.

CloudFlare’s Web Application Firewall (Advanced Security)

CloudFlare’s Web Application Firewall is a paid feature of CloudFlare designed to make it harder for someone to penetrate your site (you should still follow other security practices, of course). While many attackers out there are simply “script kiddies” screwing around, there are indeed more advanced hackers out there that will try to figure out ways to access your site through more advanced attack types (XSS, SQLi, etc.).

As of this writing, CloudFlare’s Web Application Firewall a has over 15 rule sets designed to block attacks directed specifically at WordPress sites, with an additional layer of protection added via the OWASP WordPress rule sets configured in the WAF as well. You can turn these WAF protections on or off in your CloudFlare security settings.

Note: Please note that some visitors may trigger false positives with the Web Application Firewall turned on. You can always decided to whitelist that visitor in Threat Control to override the challenge or block behavior.

CloudFlare SSL

SSL encrypts information between a web server and a client (a browser, for example) so that sensitive information can be transmitted securely without having eavesdropping occurring from malicious actors on the internet. If you have a website where you are capturing sensitive information (credit cards, etc.) or doing e-commerce transactions, SSL is the best way to protect that sensitive information from being intercepted. CloudFlare has two options for SSL based on your needs:

Flexible SSL

Customers that do not have SSL installed on their web server can still encrypt some of the traffic to protect sensitive information with Flexible SSL. The added benefit of Flexible SSL is that visitors would still see your website as having SSL enabled, thereby giving visitors more trust in your site.

Note: If you are using a service that requires SSL directly on the server, Flexible SSL will not meet that need and you should get a SSL certificate from an approved SSL vendor (your hosting provider will often have SSL available as well).

Full SSL and Full Strict SSL

Full SSL is required for sites that have an SSL certificate installed directly on their server. Full SSL will encrypt all of the traffic all the way to your web server as long as CloudFlare is proxying the record in your CloudFlare DNS settings. Full SSL will work with a self-signed certificate, whereas customers with a valid certificate from a certificate authority should choose the Full Strict option for SSL.

CloudFlare DDoS protection

CloudFlare offers basic DDoS protection and mitigation to all customers free of charge, with advanced DDoS protection offered on the Business or Enterprise tiers of service.

If you are currently under DDoS attack, or if you would like to reduce the risk of a DDoS attack, then we have some very helpful tips on how to mitigate a DDoS attack fairly quickly.

Please note: We only guarantee DDoS protection at the Business and Enterprise tiers of service. If your site is frequently the target of large DDoS attacks, please make sure that you choose the correct pricing plan for your site to get the coverage you need.

For more information; contact:

ASSURE Educational Services
Broad Street,Lagos
07063397940, 08050701465.

superb

Nice post.. nice one.. bloggers dats for u..

Cool

nice.

nice and interesting

A good one!

let me eat first

noted

=====================================================
Build your dream online! Get an e-Learning scholarship that worth $200,000 for FREE! >> http://forposting145..com/
=====================================================

CHECK MY SIGNATURE TO DISCOVER ME

Interesting

Dem don Dey advertise on front page ni..... this guy must get mouth ooo....

U can call me too

ENTROVERT:
Nice post.. nice one.. bloggers dats for u..

sorry to ask seun dey pay u?

Fan Blogger used it

Hmmmmmmm....intetesting....


Nice one @Microsoft, so what's the cost implications associated?



because almost everything is now price-tagged

cool


CHECK MY SIGNATURE IF YOU WANNA LAUGH TIRE TODAY

Kk

I see the service on my hosting but have not used it yet. I'll check it out today, thanks op

=====================================================
Build your dream online! Get an e-Learning scholarship that worth $200,000 for FREE! >> http://forposting145..com/
=====================================================
____________________________________________________________

It is a wonderful service

I have a couple of sites i host using wordpress and most of them use cloudflare but i noticed that the ones that make use of it experiences downtime though not for a very long period. What could be the reason for that?

I love cloudflare services it is very efficient and reliable ...

Meanwhile check my signature

I use on www.healthable.org and www.skoopify.com

I don't understand