Understanding Pressable’s Security and Cloudflare’s Proxy

Last modified: December 11, 2025

If you’re considering using Cloudflare with your Pressable site, this article explains why we recommend using Cloudflare for DNS management only, not as a proxy service.

Pressable includes comprehensive security and performance features built specifically for WordPress. Adding Cloudflare’s proxy service (the “orange cloud” setting) on top of our platform can actually reduce performance and security effectiveness.

Bottom line: For the best results on Pressable, use Cloudflare’s “DNS Only” setting (the “grey cloud”) rather than the proxied service.

How Pressable’s Security Works

Every site on Pressable is protected by a multi-layered security and performance system designed specifically for WordPress. This integrated approach removes the need for additional third-party tools.

  • WordPress-Specific Web Application Firewall (WAF): Our WAF is not a generic, one-size-fits-all solution. We have built it alongside Automattic and WP Cloud with an intricate and diverse set of rules. These rules specifically target and block known web, PHP, and WordPress exploits before they can harm your site.
  • Global Network & DDoS Protection: Your site is served by a global network of core and edge data centers. All inbound requests are routed through an Anycast network, which automatically connects visitors to the closest physical data center. At each edge location, an NGINX load balancer analyzes incoming traffic. This system is designed to absorb large traffic spikes and can withstand most DDoS attacks by default. Our dedicated network team actively monitors for threats and deploys advanced DDoS mitigations to ensure platform stability.
  • Proactive Platform-Level Security: We actively monitor the web for emerging threats. When critical vulnerabilities are discovered in WordPress core, themes, or plugins, our team can deploy platform-level mitigations. This provides a rapid layer of protection for your site, often without requiring you to perform an update yourself.

Why Cloudflare’s Proxy Conflicts with Pressable

When you enable Cloudflare’s proxy, all of your site’s traffic is first routed through Cloudflare’s network before it reaches Pressable. While this can be beneficial in some environments, it creates significant conflicts with our optimized platform.

  • Hiding Crucial Visitor Information: The primary issue with a proxy is that it masks the identity of the original visitor. Key security signatures (like the visitor’s IP address, ASN, user-agent, and TLS fingerprint) are replaced with Cloudflare’s information. This prevents our WAF and security systems from seeing the real visitor, making it difficult to distinguish legitimate traffic from malicious attacks.
  • Interference with Rate Limiting: Our platform uses rate limiting to block suspicious traffic patterns. Because all proxied requests come from a narrow range of Cloudflare IPs, a high volume of legitimate traffic can look like a malicious attack. This can cause our systems to trigger a false positive and block valid users or essential services from accessing your site.
  • Complicating Troubleshooting: When our support team needs to diagnose a problem, server logs are often a critical tool. With Cloudflare’s proxy active, these logs only show traffic coming from Cloudflare, not the original visitor. This severely limits our ability to find useful information and effectively troubleshoot issues with your site. In some rare cases, user-configured page rules or other settings within Cloudflare can also break third-party integrations on your site.
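
The rate-limiting conflict described above, shown as an added example (not Pressable's code or configuration): a per-source sliding-window limiter is run over the same constructed traffic, once keyed on real visitor addresses and once with every request arriving from two proxy addresses. The window, threshold, visitor counts, and all IP addresses are assumptions chosen for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 10   # assumed window length in seconds
MAX_REQS = 20   # assumed request budget per source address per window

def blocked_visitors(requests, window=WINDOW_S, limit=MAX_REQS):
    """Sliding-window limiter keyed on the source IP the origin sees.
    requests: time-ordered (timestamp, source_ip, visitor_id) tuples.
    Returns the visitor_ids that had at least one request rejected."""
    accepted = defaultdict(deque)   # source_ip -> timestamps inside the window
    blocked = set()
    for ts, src, visitor in requests:
        q = accepted[src]
        while q and ts - q[0] >= window:
            q.popleft()             # drop entries that aged out of the window
        if len(q) >= limit:
            blocked.add(visitor)    # over budget for this source address
        else:
            q.append(ts)
    return blocked

def build_traffic(proxied):
    """Constructed sample: 200 visitors sending 5 requests each over ~9 s,
    plus one abusive client sending 300 requests in the same period."""
    proxy_ips = ["198.51.100.1", "198.51.100.2"]  # stand-ins for proxy egress IPs
    reqs = []
    for v in range(200):
        for k in range(5):
            src = proxy_ips[v % 2] if proxied else f"203.0.113.{v}"
            reqs.append((k * 2 + v / 200, src, f"visitor-{v}"))
    for k in range(300):
        src = proxy_ips[0] if proxied else "192.0.2.66"
        reqs.append((k / 30, src, "abuser"))
    return sorted(reqs)

def compare():
    """Return (blocked with direct traffic, blocked behind the proxy)."""
    return (blocked_visitors(build_traffic(proxied=False)),
            blocked_visitors(build_traffic(proxied=True)))

if __name__ == "__main__":
    direct, proxied = compare()
    print("direct :", len(direct), "blocked ->", sorted(direct))
    print("proxied:", len(proxied), "blocked, of which",
          len(proxied - {"abuser"}), "are legitimate visitors")
```

With real source addresses only the abusive client exceeds its budget. Behind the two proxy addresses every visitor shares a budget with everyone else on that address, so legitimate visitors are rejected along with the abuser.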

You can still use Cloudflare’s excellent DNS management services without causing these conflicts. The solution is to disable the proxy feature for your DNS records pointing to Pressable.

DNS Only (“Grey Cloud”): In your Cloudflare DNS settings, changing the proxy status from “Proxied” (an orange cloud) to “DNS Only” (a grey cloud) will send traffic directly to our network. This allows our security and performance systems to function as intended.

For a step-by-step guide, please see our knowledge base article: How to Point Cloudflare DNS Records to Pressable.

Key Takeaways

To recap the most important points:

  • Pressable’s security platform is powerful, deeply integrated with our network, and specifically optimized to protect WordPress sites.
  • Cloudflare’s proxy service conflicts with our systems by hiding visitor data, which hinders our WAF, rate limiting, and troubleshooting capabilities.
  • The best practice is to use Cloudflare for DNS management only (“grey cloud”), allowing our platform to protect your site as designed.

See more on how Cloudflare and Pressable stack up on our comparison page: Cloudflare vs Pressable: WordPress Edge Cache Solutions Compared.