Pros and Cons of CloudFlare

After much procrastination (I had a beta invite years ago) I finally decided to give CloudFlare a try.  About 10 days ago I setup Cloudflare for one of my smaller websites and over the last week have added 3 more. For those that don’t know what CloudFlare is, the short answer is that it is a CDN (Content Distribution Network) service that also offers some nifty security features.  CloudFlare claims that it can stop or prevent DDOS attacks, hacking attempts and spam all while making your website faster.

Picture of the CloudFlare logo

So far, overall, I love Cloudflare and will probably setup the rest of my sites to use in the next few days – for the cost, so far it seems to be a no brainer.  Not perfect, but very, very good.  Here is my shortlist of pros & cons of using Cloudflare.

Pros of Using CloudFlare:

  • Very easy to setup and use.  If you use WordPress or Drupal, and have access to your domain registrar (to change your nameservers) it’s not difficult to get up and running
  • “Set it and forget it” security – not the best security solution, and probably not perfect, but if you’re on a shared host or don’t have aspirations of being a security expert, it’s way better than nothing
  • Easily block IP’s, IP-ranges, and even entire countries
  • Great performance boost!  The “CDN” will deliver cached images and other bits of your website (but not the HTML) to your visitors from one of the several Cloudflare data-centers located around the world instead of from your webserver.  It will also optionally minify your HTML, Javascript, and CSS.  The result is a measurable improvement in the perceived performance of your website.
  • “Always Online” – Because CloudFlare is (like) a CDN, it can continue to serve cached versions of most (but not all) of your webpages even if your website goes down.  Earlier this week my datacenter had to replace a hard drive on my dedicated server.  The server was down for the better part of 2 hours, and yet the majority of my pages were still available via the Cloudflare cache (awesome!!)
  • Cost: All of the basic features of Cloudflare are FREE, and the basic features are probably all you need – and no constant upsells!

Cons of CloudFlare:

  • Limited security rules. Cloudflare’s basic/shared protection is great, but if you need custom page-rules you are limited to only 3.  If you are on a shared web-host, this is still a giant improvement over nothing, but if you are on a dedicated server running Mod_Security and integrated CSF (like me), it’s very limiting.
  • Limited stats and analytics.  The threat and attack statistics are very limited in detail – but still far better than nothing.  The daily traffic reports are also limited, but you can still use your Google Analytics and this becomes a non-issue.
  • Minifying & “Rocket Loader” can break your stuff – Not necessarily a “con”, as any minification and asynchronous loading can break your webpages.  Just be aware, and be sure to test your website carefully.

Overall I am loving Cloudflare – If you are looking for a way to make your blog or website more secure, speed it up, or make sure it’s always available I highly recommend that you give it a try.  Even though Cloudflare is relatively easy to get up and running, at iHelpers.NET we are offing a special price on setting up your CloudFlare if you need help or just don’t have the time to deal with it yourself.

 

10 thoughts on “Pros and Cons of CloudFlare

  1. Hey Randy,

    I’m a huge fan of CloudFlare. I mean, look at the features they are offering for
    free! Basically, I love it, because, as you said, it is very easy to set up. And
    it brings with it an amazing boost to the performance of the site! Features
    like minifying of CSS, JS and HTML makes sure that I don’t need extra WordPress
    plugins to do those jobs!

    The ‘Always Online’ feature is also great, ensuring that a saved copy of the blog
    is displayed even if the blog is actually down!

    But yeah, there are some cons also. Like you said, less security features are
    offered and that too, we have to run through it. But talking about Minifying
    and Rocket loader, they don’t break part of my blog anymore.

    The folks at CloudFlare it seems have been working on it and finally fine-tuned it!
    Earlier, enabling rocket loader used to break social sharing plugins and ads
    displayed on my blog. But now, no more problems!

    I’m Kingging this post on Kingged.com, so that more people read this post, like I did, and get to know about CloudFlare well.

    Just like you, I also love CloudFlare. It has really helped me fasten up my blog’s
    page speed.

    Arun

  2. I am thinking of using cloudflare, but what you said about breaking you site apart from minifying scared me, as I had problems with social shares plugins and slider revolution while I was using minifying plugins and I thought cloud flare would help?!!

    1. The nice thing is that you can turn these options on/off very simply in the Cloudflare dashboard.. So set it all up.. test.. then test again in a different browser/incognito.. If anything looks borked, just turn these options off.

  3. We just started using the free version of CloudFlare with our Bluehost.com Cloud Shared Business account. It seems to have made a performance difference and the security features are welcome. We want to force our site to SSL (HTTPS) and see that we need to upgrade to paid Platinum CloudFlare at $15 a month for CloudFlare to support SSL. Would like to read some reviews of Platinum and its benefits over free. Also how well it handles SSL.

    1. I’m using the Pro plan on several websites. Honestly, I don’t think it’s worth the cost unless there was some specific item that’s not in the free plan that you have to have. I can’t see or measure any of the claimed “faster performance”, and the WAF is still limited. You could use a better CDN like MaxCDN for $5 or $6 per month and get a host with FREE managed WAF built-in like iHelpers.NET for much cheaper.
      If you don’t have an SSL certificate on your website already then you dont get ‘real’ or full HTTPS with Cloudflare. The SSL/secure connection is only between the visitor’s web-browser and the Cloudflare reverse proxy. The connection from the secure proxy to your webserver is still plaintext/un-encrypted and prone to snooping.
      PS – i dont see a “Platinum” plan for $15.. only the Pro plan for $20 ??

  4. Hello Randy,
    I think CloudFlare is the best deal if you are looking for a free CDN service. However if you want to go premium, you can opt for other alternatives ( MaxCDN, KeyCDN, Incapsula).
    Cheers !

  5. Hi. Awesome read. I’m worried about a website that uses Cloudflare, and it’s neighboring IPs. It does hide your original IP. But how does it affects the website’s SEO if for example, on the same IP range, there are pornographic websites and such?

    I don’t know how Google deals with “neighborhood”. Any thoughts?

    1. The Orig-IP information is still available in the header for visitors coming in via IP so I’m sure that Google can see this and know who is who.

Leave a Reply

Your email address will not be published.