I’ve run some tests on tools.keycdn.com and it seems that I’m having performance issues on the website in some locations (seems like the further from Germany, the worse it gets, which is weird, since CDN should fix this problem). Is there something more that I should setup on my Cloudflare account?
Strictly speaking Cloudflare is not a CDN, but - assuming you are not caching your main page - the cache on the proxies will only speed up cached resources, not TTFB.
I guess your server is in Germany in this case, right? As you said, the farther it is away the longer it will take to get the response.
Considering that 130 milliseconds is a bit I’d assume your server has some room for improvement when it comes to its own TTFB. Alternatively you could also cache your main page and have it served from cache, but whether you can do this really depends on your site’s structure.
Note when testing keep in mine the testing tool servers’ locations and configuration too. Sometimes the slowness is due to keycdn tool’s geographic servers as well. You can verify using other tools like webpagetest.org which has advanced features you can use to reveal these additional Google focused pagespeed metrics i.e. Google Lighthouse Report
So try testing different urls one your index page (dynamic content if served via php etc) and test a css/js static file and compare your times. Cloudflare by default will accelerate the css/js static file so should be faster. You can check the response headers show by keycdn tools to see if cloudflare cache hit/miss/dynamic status. Re-run the test to warm up cf cache and see too.
But you can tell Cloudflare to cache dynamic/static generated html content to some extent depending on Cloudflare plan you’re on via cache everything page rule but have to be careful to only do this for static html content and not dynamic html content (otherwise you would cache private logged in user content).
The easiest way to setup Cloudflare for your WordPress site.
Web application firewall (WAF) rulesets
Available on all of Cloudflare’s paid plans, the WAF has built-in rulesets, including rules that mitigate WordPress specific threats and vulnerabilities. These security rules are always kept up-to-date, once the WAF is enabled, you can rest easy knowing your site is protected from even the latest threats.
Automatic cache purge
Occurs when you change the appearance of your website. This means that you can focus on your website, while we ensure that the latest content is always available to your visitors.
(Note: By default, Cloudflare does not cache HTML, and a cache purge is not required on updating HTML content such as publishing a new blog entry).
It might be that the routes between the non-European PoPs of Cloudflare and your host are not the best. In this case you might want to have a look at Argo (https://blog.cloudflare.com/argo/) as that would ideally choose better routes, though it is a paid feature.