Security Best Practices For Cloudflare Configurations


I am looking for the security best practices for Cloudflare configurations and found just some, like DDoS best practices, etc. We feel that there are a lot of security hardening parts missing, so we want to set up security best practices for each feature included in our subscription.

Really appreciate your kind support.


Thank you for asking.

May I ask which Cloudflare plan you are using?

Kindly see more by reading Cloudflare articles which contain a lot of helpful information for better understanding and usage as well in terms of Security and Protection:

Each Website is different, meaning not all apply for each, if so.

If using the Pro plan or higher, with a single click you can enable Cloudflare WAF and configure the rules as needed, which provides really good protection.

There is also Bot Fight Mode too and other tools like IP Access Rules, etc.

Rate Limiting is also a good feature to try out.

Here are a few of my posts which include external resources such as some specific Firewall Rules to protect WordPress, #firewall tips, bad bots “user-agents”, ASN list, etc.

We can lock down our web host and allow only Cloudflare to connect, and similar techniques:

We can use Cloudflare Access / Zero Trust (Teams):

Otherwise, you could use the search menu to find out more examples here at the Community.


Thanks for the prompt response! We will look at your articles, and they will be really helpful for us. We subscribed to the Enterprise plan, so we want to utilize all the security best practices to protect our web resources as much as we can.

Thanks again.

Best Regards
