1. Initial Audit
Review current DNS records.
Check SSL/TLS mode and certificate status.
Identify exposed origin IPs.
Evaluate current Page Rules and Firewall Rules.
2. DNS Configuration
Ensure all records are accurate.
Set A/CNAME records to Proxied (orange cloud).
Enable DNSSEC for domain integrity.
3. SSL/TLS Settings
Set SSL mode to Full (Strict).
Enable:
  Always Use HTTPS
  Automatic HTTPS Rewrites
  TLS 1.3
Minimum TLS Version: 1.2
4. Security Settings
Enable Bot Fight Mode.
Turn on Browser Integrity Check.
Set Security Level: High for sensitive paths.
Create custom Firewall Rules:
  Block known bad bots.
  Restrict access to /wp-admin, /xmlrpc.php, etc.
5. Performance Optimization
Enable Auto Minify for HTML, CSS, JS.
Turn on Brotli Compression.
Configure Caching:
  Cache Level: Standard or Cache Everything for static assets.
  Edge Cache TTL: 7 days
  Browser Cache TTL: 1 day
6. Page Rules Setup (Max 3 on Free Plan)
Rule 1: https://yourdomain.com/ → Always Use HTTPS
Rule 2: yourdomain.com/wp-admin* → Security Level High, Cache Level Bypass
Rule 3: yourdomain.com/assets/* → Cache Everything, Edge TTL 7d, Browser TTL 1d
7. Monitoring & Reporting
Use Cloudflare Analytics to monitor traffic and threats.
Provide monthly reports to clients.
Recommend upgrades if needed (e.g., Pro Plan for WAF).
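
Added example (not part of the original checklist): an offline check of exported zone data against the audit items in sections 1 to 5, flagging settings that deviate and DNS-only records that reveal an IP sitting behind a proxied record. It assumes the zone settings and DNS records were saved from the Cloudflare API v4 as lists of objects with the fields shown; the function names are hypothetical and the sample data is constructed.

```python
import re

# Checklist targets, keyed by Cloudflare API v4 zone-setting ids.
EXPECTED = {
    "ssl": "strict",                 # SSL mode Full (Strict)
    "always_use_https": "on",
    "automatic_https_rewrites": "on",
    "tls_1_3": "on",
    "min_tls_version": "1.2",
    "browser_check": "on",           # Browser Integrity Check
    "brotli": "on",
}

# Constructed sample exports (documentation IP ranges, not real hosts).
SAMPLE_SETTINGS = [
    {"id": "ssl", "value": "full"}, {"id": "min_tls_version", "value": "1.0"},
    {"id": "tls_1_3", "value": "zrt"}, {"id": "always_use_https", "value": "on"},
    {"id": "automatic_https_rewrites", "value": "on"},
    {"id": "browser_check", "value": "on"}, {"id": "brotli", "value": "on"},
]
SAMPLE_RECORDS = [
    {"type": "A", "name": "example.com", "content": "203.0.113.10", "proxied": True},
    {"type": "CNAME", "name": "www.example.com", "content": "example.com", "proxied": True},
    {"type": "A", "name": "mail.example.com", "content": "203.0.113.10", "proxied": False},
    {"type": "TXT", "name": "example.com", "content": "v=spf1 ip4:203.0.113.10 -all", "proxied": False},
    {"type": "A", "name": "status.example.com", "content": "198.51.100.7", "proxied": False},
]

def audit_settings(settings):
    """Return {setting_id: (actual, wanted)} for every deviation from EXPECTED."""
    actual = {s["id"]: s["value"] for s in settings}
    bad = {}
    for key, wanted in EXPECTED.items():
        got = actual.get(key)
        if key == "min_tls_version":      # a stricter minimum also passes
            ok = got is not None and float(got) >= float(wanted)
        elif key == "tls_1_3":            # "zrt" is TLS 1.3 with 0-RTT enabled
            ok = got in ("on", "zrt")
        else:
            ok = got == wanted
        if not ok:
            bad[key] = (got, wanted)
    return bad

def exposed_origins(records):
    """Return (type, name) of DNS-only records that contain a proxied record's origin IPv4."""
    origins = {r["content"] for r in records if r["proxied"] and r["type"] == "A"}
    ipv4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
    return [(r["type"], r["name"]) for r in records
            if not r["proxied"] and origins & set(ipv4.findall(r["content"]))]
```

Records it flags (a DNS-only mail host, an SPF ip4: term) often cannot simply be switched to Proxied; the usual fix is to move that service to a different IP than the web origin.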