What this plugin can do for you

One-click WordPress-optimized settings

The easiest way to setup Cloudflare for your WordPress site.

Web application firewall (WAF) rulesets

Available on all of Cloudflare’s paid plans, the WAF has built-in rulesets, including rules that mitigate WordPress specific threats and vulnerabilities. These security rules are always kept up-to-date, once the WAF is enabled, you can rest easy knowing your site is protected from even the latest threats.

Automatic cache purge on website updates

Occurs when you change the appearance of your website. This means that you can focus on your website, while we ensure that the latest content is always available to your visitors.

Automatic individual URL cache purge on page/post/custom post type edits

Cloudflare’s plugin for WordPress automatically refreshes the Cloudflare cache of each post/page/custom post type when you update the content.

Additional features

  • Header rewrite to prevent a redirect loop when Cloudflare’s Universal SSL is enabled

  • Change Cloudflare settings from within the plugin itself without needing to navigate to the dashboard. You can change settings for cache purge, security level, Always Online, and image optimization

  • Ver analíticas como el total de visitantes, el ancho de banda ahorrado y las amenazas bloqueadas

  • Compatibilidad para HTTP2/Server Push


  • Cloudflare Plugin


Requisitos previos

Asegúrate de que tu versión de PHP es 5.3.10 o superior.

Desde tu escritorio de WordPress

  1. Visita «Plugins» ⟶ Añadir nuevo
  2. Busca Cloudflare
  3. Activa Cloudflare desde tu página de Plugins.


  1. Descargar Cloudflare
  2. Sube la carpeta «cloudflare» a tu directorio «wp-content/plugins/» empleando FTP, SFTP, SCP, etc.
  3. Activa Cloudflare desde tu página de Plugins.

Una vez activado

  1. Ve a
  2. Accede con tu cuenta de Cloudflare. (Si no tienes una cuenta de Cloudflare, primero tendrás que registrarte)
  3. Presiona el nombre de tu cuenta en la esquina superior derecha y selecciona «Mis ajustes»
  4. Haz scroll hacia abajo hasta «Clave API» ⟶ «Clave API Global» ⟶ Ver la clave API
  5. Pegar la clave de la API
  6. Volver a la página del plugin de Cloudflare para WordPress
  7. Introduce tu dirección de correo electrónico y pega tu clave de la API.
  8. Presiona en «Acceder».


¿Necesito una cuenta en Cloudflare para poder usar el plugin?

Sí, al instalar y activar el plugin, se les pedirá a los nuevos usuarios que introduzcan su dirección de correo electrónico (usada para registrar una cuenta en y su clave de usuario de la API. Esto es necesario para poder disfrutar de todas las características ofrecidas por el plugin.

¿Qué ajustes se aplican cuando hago clic en «Aplicar los ajustes por defecto» en el plugin de Cloudflare para WordPress?

Puedes revisar los ajustes recomendados que se aplican aquí.

¿Funciona el plugin si tengo Varnish activado?

Sí, Cloudflare funciona y ayuda a acelerar tu sitio aún más, si tienes Varnish activado.


23 de julio de 2020
As a paying Cloudflare user, I am very disappointed that support questions are just ignored. The version of WordPress is 5.4.2 but the recent update (from 3 weeks ago) was only tested up to 5.2.7. It was even worse before the last update was almost a year prior. I expect more from Cloudflare.
29 de febrero de 2020
Cloudflare is overrated tool which slows down my websites. Maybe because I use the free version, I dont know.
28 de noviembre de 2019
This plugin is useless, as it can't prevent infinite redirect loops when enabling https
12 de septiembre de 2019
While the free support is not fantastic (though it used to be better), the service is amazing for what you pay (especially the free plan). The host of features you get for free is nothing short of astounding. Been using Cloudflare since they launched years ago, and it's been pretty cool to see the growth of features services over that time.
Leer todas las 123 reseñas

Colaboradores y desarrolladores

«Cloudflare» es un software de código abierto. Las siguientes personas han colaborado con este plugin.


Traduce «Cloudflare» a tu idioma.

¿Interesado en el desarrollo?

Revisa el código , echa un vistazo al repositorio SVN o suscríbete al registro de desarrollo por RSS.

Registro de cambios

3.7.0 – 2020-09-25

  • Bump cloudflare-plugin-backend v2.3.0 and cloudflare-plugin-frontend v3.1.0 #283

3.6.0 – 2020-09-17

  • Bump cloudflare-plugin-backend #276

3.5.1 – 2020-07-02


  • Fixed Cache Purges failing #266

3.5.0 – 2020-06-26


  • Disable HTTP/2 Push on wp-admin pages #214
  • Fix PHP 7.4 notice #256


  • Purge attachment URLs #208
  • Purge URLs on page/post update #206
  • Turn on IPv6 by default #229
  • Add constants for better control HTTP/2 Server Push #213
  • Allow custom actions for purge url and purge everything actions #212

3.4.1 – 2019-08-29


  • Updated list of contributors.
  • Updated tested WordPress version to latest (5.2.2).

3.4.0 – 2019-08-29


  • Added support for API Token authentication.

3.3.2 – 2017-12-12


  • Fallo en cf-ip-rewrite


  • Añadido nuevo filtro cloudflare_purge_by_url permitiendo a los usuarios tener mejor control de las urls purgadas automáticamente.

3.3.1 – 2017-6-29


  • Error potencial por usar $_GET.

3.3.0 – 2017-6-29


  • Added a new Splash Screen
  • Added userConfig.js file allowing custom configurations.
  • Added logs in debug mode for Automatic Cache Purge.
  • Added logs for oversized Server Push HTTP headers.


  • Automatic Cache Purge now purges Autoptimize by everything rather than by URL.
  • Updated IP Ranges


  • Bug where domains which had capital letters not working.
  • Bug where Automatic Cache Purge couldn’t purge front page.
  • Bug related to work with IWP.
  • Bug where if PHP is compiled with ipv6-disable flag, it crashed the site.

3.2.1 – 2017-3-14


  • Bug where accounts which had more than 20 zones would not show up correctly.

3.2.0 – 2017-3-1


  • Bypass Cache By Cookie functionality.
  • HTTP/2 Server Push functionality (disabled by default).


  • Lowered the plugin size.
  • Automatic Cache Management feature includes purging taxonomies.
  • Automatic Cache Management feature supports sites which use both HTTP and HTTPS.


  • Admin bar disappearing from the plugin.
  • Bug where spinner was loading forever.
  • Bug where the backend errors where not being shown in the frontend.
  • Issues where IE11 was not working properly.

3.1.1 – 2016-11-17


  • Moved Admin Bar behind Automatic Cache Purge toggle.

3.1.0 – 2016-11-17


  • Added ability to automatically purge cache when a post is published, edited or deleted. (Thanks to brandomeniconi and mike503)
  • Added ability to work with WordPress MU Domain Mapping plugin. (Thanks to brandomeniconi)


  • Changed the UI to look more like dashboard.
  • Changed plugin description.
  • Disabled showing WordPress Admin Bar and Edit Post Link to avoid caching problems for users using HTML Caching.


  • Fixed bug where require vendor folders was not working.
  • Fixed bug where static files were cached which caused issues updating the plugin.
  • Fixed dependencies which caused issues with PHP Compatibility Checker plugin.

3.0.6 – 2016-10-6


  • Added ability to toggle Development Mode.


  • Fixed bug where active zone dropdown was not working properly.


  • Compressed resources to lower plugin size.
  • Updated Cloudflare logo.

3.0.5 – 2016-09-28


  • Fixed bug where refactored Flexible SSL fix was causing the settings page hook not to load.

3.0.4 – 2016-09-27


  • Ability for users to toggle Automatic HTTPS Rewrites (enabled by default, solves for most mixed content errors).


  • Fixed an issue where low PHP version where getting syntax error.
  • Fixed issue where some users using Flexible SSL where not able to login to wp-admin .
  • Fixed a bug where the active zone selector was not paginating through the whole zone list.
  • Fixed an issue where the setting for Image Optimization was being displayed incorrectly.
  • Fixed a bug in Analytics where the  Uniques Visitors data was not displaying accurately.


  • Compressed assets to lower plugin size.
  • Hooks loading logic refactored to make it more simple and readable.

3.0.3 – 2016-09-21


  • Fixed an issue where some domains were being incorrectly propagated to the domain selector dropdown
  • Fixed an issue where the Web Application Firewall was accidentally triggering RFI Attack Rules
  • Fixed an issue where image optimization was not being enabled for Pro and higher Cloudflare plans

3.0.2 – 2016-09-16


  • Disabled HTTP/2 Server Push which was leading to 520 and 502 errors for some websites.

3.0.1 – 2016-09-16


  • Fixed HTTP/2 Server Push exceeding the header limit Cloudflare has which caused 520 errors.
  • Fixed warning message in HTTP/2 Server Push.

3.0.0 – 2016-09-15


  • Added one-click application oft WordPress specific recommended settings
  • Added ability to purge the Cloudflare cache
  • Integrated with WordPress cache management to automatically clear the Cloudflare cache on updating site appearance
  • Added ability to change Cloudflare settings (Always Online mode, I’m Under Attack, Image Optimization, Security Level, Web Application Firewall)
  • Added Analytics showing Cached Requests, bandwidth used, unique visitors, threats blocked
  • Added Header rewrite to prevent a redirect loop when Cloudflare’s Universal SSL is enabled
  • Added HTTP/2 Server Push support
  • Added Support for PHP 5.3+


  • Removed HTTPS Protocol Rewriting
  • Removed submission of spam comments
  • Removed ability to toggle Development Mode On/Off


  • Updated user interface
  • Started to support WordPress 3.4+ instead of 2.8+ because we depend on the WordPress Options API