When you switch your DNS servers to Cloudflare, all your traffic to your main domain is proxied through Cloudflare. However, if you add subdomains, it doesn’t automatically route that traffic as well. If you’re on shared hosting, you probably have a number of websites on the same plan. All of these websites draw from the same resource pool on your account. So if you’re using Cloudflare to reduce the load on your server (like me), it’s important to add each of your websites separately. There’s no point in tightly controlling spam to one domain, while allowing it to run rampant on others.
And this is why you also need to add all your subdomains to Cloudflare. Subdomains are easy to create, and they have a variety of uses. They’re so easy in fact, that you might even forget you’ve created them! This is a problem for you if they continue to attract spam that’s not filtered through a Firewall.
Fortunately, adding a new subdomain to Cloudflare is easy. Here’s how.
Add a CNAME DNS Record
In your Cloudflare dashboard, go to the DNS tab and click the blue “Add Record” button. Then add your subdomain like this.
In this example, my website is www.wp-tweaks.com. I’ve created a test site where I can make changes without impacting my main site. This test site is located in the subdomain “testing”. So I access it by typing “testing.wp-tweaks.com” into my browser.
To create a new CNAME record, choose “CNAME” from the dropdown box in the “Type” field, and in the “Name” field, enter the name of your subdomain – in my case, “testing”. And in the “target” field, enter your main domain name – for me, that’s wp-tweaks.com.
Save your changes and confirm that you want to proxy your subdomain traffic through Cloudflare. And you’re done! Give it a few seconds, and now your subdomain is protected as well.
Testing to See if it Works
I’ve found the easiest way to test if Cloudflare is proxying your traffic, is to create a firewall rule and see if the firewall is operating. There’s another way where you check for the presence of the “cf-cache-status” header, but that might require a bit of digging. Verifying the firewall is more straightforward.
As a test, I created a new firewall rule in Cloudflare blocking my test subdomain altogether as shown here:
Here, I simply specify that the “Hostname” has to be the exact subdomain address. And I block (temporarily of course) all visits where the hostname is my subdomain. Save your firewall rule, then visit your subdomain by typing it into the browser. If it’s being proxied, then you should be blocked like this:
As you can see in the above screenshot, when I try and visit the subdomain in my browser, it’s blocked by Cloudflare as expected. This means that the traffic is being proxied through Cloudflare. Now remove the firewall rule, and create one that’s more in line with your needs :).
Simply repeat the above process for each subdomain you have. When using a service like Cloudflare, it’s important to catch all your website properties that share the same set of resources – as is typical on a shared hosting server. This way, you can ensure that bad behavior on one site won’t cause slowdowns on all the others.
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!