Please explain: This Zone is in pending state and contains proxied records

As I try to add website, I get this message
This Zone is in pending state and contains proxied records. Until the Zone is activated, Dns queries to proxied records will expose the Origin Ip and hostname and traffic cannot be proxied through Cloudflare.

What does this mean and how to solve this?

For the record: I did add a website even though this message prompt and it did eventually disappear as my website successfully connect to Cloudflare.
But it made my WordPress /wp-content and /wp-includes mark as Deceptive on Google. Does this have to do with the Zone Pending and Dns queries exposed? Or, it has to do with Fire Wall Rule that I set to block access /wp-admin, /wp-includes and /wp-content?
Nevertheless, I deleted that infected website and now, I want to add my main domain to Cloudflare and avoid same mistake to mark as Deceptive on Google.

Domain Registrar and Hosting Provider is done on same provider, Hostinger.

The domain is not active yet and you first need to configure it properly with the right nameservers.

What’s the domain?

If it’s what I think it is, then it’s not using Cloudflare right now.

You need to follow the setup instructions.

Domain name is “fagohub. com” and it was register a week ago.
The process is simple to add Cloudflare; add website to Cloudflare and change name servers.
I have done to others site and doesn’t prompt this.

Just before changing Nameserver, I am prompted this message at Cloudflare. The conclusion, I get from this message is that – after changing nameserver to Cloudflare, my website will be vulnerable before Cloudflare can connect successfully.

As I said before, I did tried it with another website; “trendingdigital. xyz” for test. And it was marked as Deceptive by Google (/wp-content and /wp-includes), however there was no url marked on Google Console, just warning. I did tried WordPress plugins and find no malware.

Well, I think it was due to the fire rule I created to block access to /wp-admin, /wp-content and /wp-includes, but wp-admin was not marked Deceptive.

Can you explain me the reason for this message to appear and how to add my website without being vulnerable in the process?

In that case it’s precisely what I explained before.

I’m really confused right now, as why this message is being promoted to website old as a week ?
And if yes, how old does a website has to be to not being prompt with this message?

Again, your domain is not set up for Cloudflare.

I’m sorry to bother you, but do you mean to add Cloudflare dns on my website?

Sure, you want to use Cloudflare, right?

Yes, but without being promoted with zone is pending

Hence you need to set up Cloudflare.

Can you put it in simple words.
You want me to change Nameserver in my hosting server. Then I do know that process, and as for Dns Checker, you provided I did get somewhat of idea but not completely to how?

I am not sure how much more simple I can phrase it :slight_smile:

Your domain is currently not using Cloudflare, hence the message you get. You simply need to follow the instructions you received when you added your domain. If there is something unclear, it’s best to follow

Yes, I know I am not using Cloudflare as I have not change my nameserver to Cloudflare.

I just want to know what that message means.

What I wrote an hour ago.

Yes, I get that. But why it prompted this time and not before for “junarsh .com. np” and in the process, “Is my domain vulnerable?”

If your other domain is properly configured, you won’t get the message of course.

You see, you lost me there. My main question is why this message is being prompt and is my website vulnerable in the process.
And you said changing Nameserver to Cloudflare will resolve this.
I know that, I tried that, it will go away eventually but it also lead Google marking some part of website as Deceptive, and as of which I deleted that website.

You get this message because your domain is not on Cloudflare.

I get that, but I want to know is why was my previous website trendingdigital. xyz was marked as Deceptive.
Is it have to do with Fire rule, where I block access to wp- admin/content/includes, if yes but why not wp-admin was marked and only two folders.
For the record, I deleted that website