Earlier this week, I wrote about whether or not it was worth upgrading your free Cloudflare account to Pro. If you’ve decided to go for it, there are quite a few things you can do to ensure that your site works faster – the biggest change being the increase from 3 page rules to 20. But even if you decide to stay on the free tier, here are 3 Cloudflare tricks you can use to make your site run faster.
1. Turbo Charge Landing Page Redirects with Page Rules
If you run a site that sends customers as referrals to make a purchase elsewhere, you probably use a redirection plugin like Thirst Affiliates for WordPress that allows you to hide the ugly destination URL that has all the URL parameters for attribution. So you create a nice looking URL that lives on your own website, and which then redirects to the final destination.
On my website WP-Tweaks.com, I’ve set up page rules for some of my most popular and profitable affiliate URLs that redirect to their destination with a 302 response code like this:
With 20 page rules available on the Pro tier, you likely have plenty of spare page rules lying around. So why not utilize them for arguably the most important function on your site – the one that makes you money?
2. Block XML-RPC with Firewall Rules
XML-RPC is an annoying access point to WordPress, that Automattic insists on keeping, even though I personally find it a security risk since it allows attackers to programmatically try hundreds of usernames and passwords against your site in a short period of time. This hits your database, and can slow down performance. In a previous article, I’d explained how to disable XML-RPC via .htaccess, while still allowing potentially useful services like JetPack to access it.
But I can do even better. Rather than rely on my origin server to repel these attacks, I can use Firewall rules in Cloudflare to handle them at the EDGE and save my servers the hassle of dealing with potentially thousands of unwanted requests. To do that, we use the firewall rule as shown below:
In this, I block xmlrpc.php, but allow the Automattic AS Number to go through. You can see that this belongs to Automattic via this tool.
With this Firewall rule enabled, you can see that Cloudflare blocks them via the reporting section. Here’s the one for the last 24-hours:
22 requests over the last 24 hours is hardly worth worrying about. But sometimes you’ll get hit with a massive payload that will make your eyes water. And then you’ll be glad Cloudflare was there to save you!
3. Full Site Caching
I’d written earlier about using Cloudflare to reduce my TTFB to below 0.5 seconds. That technique doesn’t require any kind of paid subscription to Cloudflare, and works like a charm since it has the maximum impact on your most frequently viewed pages, which is what you want in the first place. But this particular solution only works if you have a somewhat static site without too many personalized pages like those displaying the logged in username etc.
It also adds a page rule to your Cloudflare settings so if you’re utilizing the redirection technique I showed you earlier, you might max out your available page rules, in which case you should consider buying a Cloudflare subscription to raise that number to 20. On its own however, this strategy will work just fine with the free tier.
And that’s it! I’ve learned a lot about Cloudflare’s capability over the years, and despite trying out a host of other solutions, nothing has ever worked as well as. That might change in the future, but till now, Cloudflare still remains king!
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!