Cloudflare is a free service that makes your website faster and more secure. It works as an intermediate layer between your visitors and your web server, filtering and caching traffic. In this article, we explain step by step how to set up and configure Cloudflare for optimal performance.

What does Cloudflare do exactly?

Cloudflare offers multiple benefits for your website:

  • CDN (Content Delivery Network): Your static files are distributed globally, allowing visitors to load them from a nearby server.
  • DDoS protection: Malicious traffic is automatically blocked before it reaches your server.
  • SSL certificate: Free HTTPS for your website, even if you do not have SSL on your hosting.
  • Firewall: Block specific countries, IP addresses, or suspicious requests.

Read more about the benefits in our article What is Cloudflare and why should you use it?

Step 1: Create a Cloudflare account

Go to cloudflare.com and create a free account. You only need an email address. The free plan is more than sufficient for most websites.

After creating your account, click "Add site" and enter your domain name (for example: yourwebsite.com). Cloudflare will then scan your current DNS records.

Step 2: Check DNS records

Cloudflare automatically imports your existing DNS records. Check that all records have been correctly imported:

  • A record: Must point to the IP address of your Theory7 hosting.
  • CNAME for www: Usually points to your main domain.
  • MX records: Essential for your email. Check these extra carefully.
  • TXT records: For SPF, DKIM, and other verifications.

Records with an orange cloud go through Cloudflare (proxy on). Records with a gray cloud go directly to your server (proxy off). For mail records (MX), the proxy must always be off.
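The checks from this step can be run mechanically over an exported record list. The following is an added example, not part of the original article or Cloudflare's tooling: it assumes records shaped like the Cloudflare API's DNS record objects (type, name, content, proxied), and the function name and sample zone are constructed. It goes slightly beyond the text by also flagging the address record that an MX record points to when that record is proxied.

```python
MAIL_ADDR_TYPES = ("A", "AAAA", "CNAME")

def _host(value):
    """Normalise a DNS name for comparison."""
    return value.strip().rstrip(".").lower()

def audit_zone(records, domain):
    """Return findings for the Step 2 checks (A, MX, TXT/SPF, proxy state)."""
    domain = _host(domain)
    findings = []
    mx = [r for r in records if r["type"] == "MX"]
    mx_targets = {_host(r["content"]) for r in mx}
    if not mx:
        findings.append(f"no MX record for {domain}: incoming mail will fail")
    for r in records:
        name = _host(r["name"])
        # Mail must bypass the proxy: the MX record and the host it names.
        if r.get("proxied") and (r["type"] == "MX" or
                (r["type"] in MAIL_ADDR_TYPES and name in mx_targets)):
            findings.append(f"{name} ({r['type']}) carries mail but is proxied")
    has_spf = any(r["type"] == "TXT" and _host(r["name"]) == domain
                  and r["content"].strip('"').lower().startswith("v=spf1")
                  for r in records)
    if not has_spf:
        findings.append(f"no SPF TXT record on {domain}")
    if not any(r["type"] == "A" and _host(r["name"]) == domain for r in records):
        findings.append(f"no A record for {domain}")
    return findings

# Constructed sample zone (documentation addresses, not real data).
SAMPLE = [
    {"type": "A", "name": "example.com", "content": "192.0.2.10", "proxied": True},
    {"type": "CNAME", "name": "www.example.com", "content": "example.com", "proxied": True},
    {"type": "A", "name": "mail.example.com", "content": "192.0.2.10", "proxied": True},
    {"type": "MX", "name": "example.com", "content": "mail.example.com.", "proxied": False},
    {"type": "TXT", "name": "example.com", "content": '"site-verification=constructed"', "proxied": False},
]

if __name__ == "__main__":
    for finding in audit_zone(SAMPLE, "example.com"):
        print("WARN:", finding)
```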

Step 3: Change nameservers

Cloudflare gives you two nameservers that you need to set up at your domain registrar. At Theory7, you can do this via DirectAdmin under "DNS Management" or via MyTheory7.

The nameservers look like: anna.ns.cloudflare.com and bob.ns.cloudflare.com. Replace your current nameservers with these two. It can take up to 24 hours for the change to propagate globally, but usually it is active within an hour.

More information about nameservers can be found in our article What are DNS and nameservers?

Step 4: Set SSL mode (important!)

The SSL configuration is the most important part and often the cause of problems. Go to SSL/TLS in your Cloudflare dashboard and choose the correct mode:

Full (strict)

This is the safest option. You need a valid SSL certificate on your hosting (for example Let's Encrypt via DirectAdmin). Cloudflare verifies this certificate with every connection. On Theory7 hosting, you can easily install Let's Encrypt SSL.

Full

Cloudflare also accepts self-signed certificates. Less secure than Full (strict), but works if your server only has a self-signed certificate.

Flexible

Only the connection between visitor and Cloudflare is encrypted. The connection to your server is unencrypted (HTTP). This can cause problems with redirect loops in WordPress and other CMS systems.

Note: Never choose "Flexible" if your website already uses HTTPS. This often causes an endless redirect loop where your site becomes unreachable.
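To see why the three modes behave so differently, here is a simplified model of the visitor, Cloudflare, and origin path. It is an added example, not Cloudflare's code or part of the original article: the mode names come from the text above, while the Origin flags, function names, and outcome labels are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Origin:
    has_cert: bool       # origin answers on HTTPS at all
    cert_trusted: bool   # certificate is publicly valid, not self-signed
    forces_https: bool   # origin answers plain HTTP with a redirect to https://

def visit(mode, origin, scheme="http", max_hops=10):
    """Return (outcome, scheme used on the Cloudflare-to-origin leg)."""
    if mode not in ("flexible", "full", "full_strict"):
        raise ValueError(f"unknown SSL mode: {mode}")
    for _ in range(max_hops):
        # Flexible always talks plain HTTP to the origin; the Full modes
        # use the scheme the visitor asked for.
        leg = "http" if mode == "flexible" else scheme
        if leg == "https":
            if not origin.has_cert:
                return ("origin_tls_error", leg)
            if mode == "full_strict" and not origin.cert_trusted:
                return ("origin_tls_error", leg)
            return ("ok", leg)
        if origin.forces_https:
            scheme = "https"   # visitor follows the redirect and asks again
            continue
        return ("ok", leg)     # served, but the origin leg was plaintext
    return ("redirect_loop", "http")

def compare_modes(origin):
    """Run the same origin through all three SSL modes."""
    return {m: visit(m, origin) for m in ("flexible", "full", "full_strict")}

if __name__ == "__main__":
    valid_cert = Origin(has_cert=True, cert_trusted=True, forces_https=True)
    self_signed = Origin(has_cert=True, cert_trusted=False, forces_https=True)
    print("valid cert: ", compare_modes(valid_cert))
    print("self-signed:", compare_modes(self_signed))
```

An "ok" result with an "http" leg means the page loads while traffic between Cloudflare and the server travels unencrypted, which is the reason to prefer Full (strict).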

Step 5: Configure caching

Cloudflare caches static files like images, CSS, and JavaScript by default. You can further optimize caching:

Browser Cache TTL

Set this to "Respect Existing Headers" if you have already set caching headers on your server, or choose a value between 4 hours and 1 year for static content.

Caching Level

The default "Standard" setting is fine for most websites. Only adjust this for very specific requirements.

Page Rules for WordPress

For WordPress, it is smart to exclude the wp-admin and login pages from caching:

  • Create a Page Rule for *yoursite.com/wp-admin/*
  • Set "Cache Level" to "Bypass"
  • Turn "Disable Security" off (leave security on)

Solving common problems

Redirect loop (ERR_TOO_MANY_REDIRECTS)

This often happens when you use "Flexible" SSL while your website forces HTTPS. Solution: set SSL mode to "Full (strict)" and make sure you have a valid SSL certificate on your hosting.

Mixed content warnings

These warnings appear when your site loads partly HTTP and partly HTTPS content. Enable "Automatic HTTPS Rewrites" under SSL/TLS > Edge Certificates to automatically fix this.

Website shows old content

Cloudflare caches your pages. After an update, you can clear the cache via Caching > Configuration > Purge Everything. For WordPress, you can also use the LiteSpeed Cache plugin that automatically clears the Cloudflare cache.

Email no longer works

Check that your MX records have the gray cloud (proxy off). Mail should never go through the Cloudflare proxy.

Recommended settings

  • SSL/TLS: Full (strict)
  • Always Use HTTPS: On
  • Automatic HTTPS Rewrites: On
  • Brotli compression: On
  • Browser Cache TTL: Respect Existing Headers
  • Security Level: Medium

With these settings, Cloudflare works optimally with your Theory7 hosting. Do you have questions about the configuration? Our support team is happy to help you resolve any conflicts.