Skip to main content
VSF Technology

How to Set Up Cloudflare for Your Business Website

Website Security

Step-by-step guide to setting up Cloudflare for your business website — CDN, SSL, DDoS protection, and performance optimization. What to do and what to avoid.

Aaron Hurlburt
Aaron Hurlburt
7 min read
Last updated: June 29, 2026
How to Set Up Cloudflare for Your Business Website

How to Set Up Cloudflare for Your Business Website

Cloudflare is one of the most valuable free tools available for business websites. It makes your site faster, more secure, and more reliable — and the free plan covers most of what small businesses need.

This guide walks through the complete Cloudflare setup process: from creating an account to configuring the settings that matter most for a business website.

What Cloudflare Does

Before diving into setup, it helps to understand what Cloudflare actually does.

When you add your domain to Cloudflare and change your nameservers, all traffic to your website passes through Cloudflare's network first. Cloudflare then:

  • Caches your content on servers around the world, so visitors load your site from a nearby server rather than your origin server
  • Blocks malicious traffic — bots, scrapers, DDoS attacks — before it reaches your server
  • Provides a free SSL certificate so your site works on HTTPS
  • Optimizes performance through minification, image compression, and other techniques

The result is a faster, more secure website — often with no changes to your actual hosting setup.

Who Should Use Cloudflare?

Cloudflare is appropriate for almost any business website. It is especially valuable for:

  • Sites on shared hosting that need better performance
  • Any site that has experienced bot traffic or DDoS attacks
  • Businesses that want free SSL without paying their hosting provider
  • Sites with visitors from multiple geographic regions
  • WordPress sites that need an additional security layer

Step-by-Step Cloudflare Setup

Step 1: Create a Cloudflare Account

Go to cloudflare.com and create a free account. You will need an email address and password.

Step 2: Add Your Domain

After logging in, click "Add a site" and enter your domain name (e.g., yourbusiness.com — without www or https).

Cloudflare will scan your existing DNS records automatically. This takes about 60 seconds.

Step 3: Choose a Plan

Select the Free plan. For most small business websites, the free plan provides everything you need: CDN, basic DDoS protection, free SSL, and basic analytics.

Paid plans add advanced security features, image optimization, and priority support — but start with free and upgrade if you need more.

Step 4: Review Your DNS Records

Cloudflare will show you the DNS records it found for your domain. Review them carefully:

  • A records — Should point to your hosting server's IP address
  • MX records — Should point to your email provider's mail servers
  • CNAME records — Should include www and any subdomains you use
  • TXT records — Should include SPF, DKIM, and any verification records

If any records are missing, add them now. If any records are wrong, correct them.

Important: Check the orange cloud icon next to each record. An orange cloud means traffic is proxied through Cloudflare. A gray cloud means DNS-only (traffic goes directly to your server). For your main website (A and CNAME records), you want the orange cloud. For MX records and some other records, you want gray (DNS-only).

Step 5: Change Your Nameservers

Cloudflare will give you two nameserver addresses (e.g., ns1.cloudflare.com and ns2.cloudflare.com). You need to update your domain's nameservers at your registrar to these values.

At GoDaddy:

  1. Go to My Products → Domains
  2. Click on your domain
  3. Scroll to Nameservers → click Change
  4. Select "Enter my own nameservers"
  5. Enter Cloudflare's nameservers
  6. Save

At Namecheap:

  1. Go to Domain List → Manage
  2. Find Nameservers → select "Custom DNS"
  3. Enter Cloudflare's nameservers
  4. Save

Nameserver changes typically propagate within a few hours, though it can take up to 24-48 hours.

Step 6: Configure SSL Settings

Once Cloudflare is active, configure SSL correctly. This is the most important setting to get right.

Go to SSL/TLS in your Cloudflare dashboard and set the encryption mode:

  • Off — Never use this
  • Flexible — Encrypts between visitor and Cloudflare, but not between Cloudflare and your server. Avoid this if possible.
  • Full — Encrypts end-to-end, but does not verify your server's certificate. Use this if your hosting has a self-signed certificate.
  • Full (Strict) — Encrypts end-to-end and verifies your server's certificate. Use this if your hosting has a valid SSL certificate. This is the recommended setting.

If your hosting provider gives you a free SSL certificate (most do), use Full (Strict).

Enable HSTS: Under SSL/TLS → Edge Certificates, enable HSTS (HTTP Strict Transport Security). This tells browsers to always use HTTPS for your domain.

Step 7: Configure Caching

Go to Caching → Configuration and set:

  • Caching Level: Standard
  • Browser Cache TTL: 4 hours (or longer for sites that do not change frequently)

For WordPress sites, you may need to set up a Page Rule to bypass cache for the admin area:

  • URL: yourdomain.com/wp-admin/*
  • Setting: Cache Level → Bypass

Step 8: Enable Performance Features

Under Speed → Optimization:

  • Auto Minify: Enable for JavaScript, CSS, and HTML
  • Brotli: Enable (better compression than gzip)

Under Speed → Optimization → Image Optimization (paid plans only):

  • Polish and Mirage are available on paid plans

Step 9: Configure Security Settings

Under Security → Settings:

  • Security Level: Medium (blocks known bad actors without affecting legitimate visitors)
  • Bot Fight Mode: Enable (blocks simple bots)

Under Security → WAF (Web Application Firewall):

  • The free plan includes basic WAF rules. Enable them.

Step 10: Verify Everything Works

After Cloudflare is active:

  1. Visit your website and confirm it loads correctly
  2. Check that HTTPS works (green padlock in browser)
  3. Verify your email still works (send a test email)
  4. Check that any subdomains still work
  5. Run a speed test at PageSpeed Insights to see the improvement

Common Cloudflare Mistakes to Avoid

Wrong SSL Mode

Setting SSL to "Flexible" when your hosting has a valid SSL certificate causes a redirect loop. Always use "Full (Strict)" if your hosting has SSL.

Proxying MX Records

MX records should never be proxied through Cloudflare (orange cloud). Email routing must go directly to your mail server. Always set MX records to DNS-only (gray cloud).

Caching Dynamic Pages

If your site has dynamic content — a shopping cart, logged-in user areas, or a WordPress admin — make sure those pages are excluded from caching. Use Page Rules to bypass cache for /wp-admin/*, /cart/, and similar paths.

Not Testing After Setup

Always test your site thoroughly after enabling Cloudflare. Check that forms work, payments process, and any third-party integrations still function correctly.

Cloudflare for WordPress

WordPress has specific considerations with Cloudflare:

Install the Cloudflare Plugin: The official Cloudflare plugin for WordPress enables automatic cache purging when you publish or update content.

Correct IP Logging: By default, WordPress logs Cloudflare's IP addresses instead of visitor IP addresses. The Cloudflare plugin fixes this so your logs show real visitor IPs.

Rocket Loader: Cloudflare's Rocket Loader feature can sometimes conflict with WordPress plugins. If you notice JavaScript issues after enabling Cloudflare, try disabling Rocket Loader.

Getting Professional Help

Cloudflare setup is straightforward for most sites, but incorrect configuration — especially SSL settings — can take your site offline. If you are not confident in the setup, VSF Technology handles Cloudflare configuration for business websites.

Contact VSF Technology or learn more about our Cloudflare setup services.

Related Resources

Topics

#Cloudflare#CDN#website security#website speed#SSL#DDoS protection
Aaron Hurlburt — Founder & Technology Consultant at VSF Technology

Written by

Aaron Hurlburt

Founder & Technology Consultant, VSF Technology

Aaron Hurlburt helps growing businesses across the U.S. build the right technology stack — from domains and hosting to CRM, AI tools, and phone systems.

Free for US Businesses

Is your business technology holding you back?

Get a free 30-minute audit — we'll review your website, tech stack, and top growth opportunities.

Get Free Audit