How to set up Cloudflare for your Indian website (free plan guide)

Cloudflare is free and makes most Indian websites 30–50% faster. Here is how to set it up correctly without breaking your email or SSL.

What Cloudflare does

Cloudflare sits between your visitors and your server:

Visitor → Cloudflare CDN (Mumbai/Chennai) → Your server

For cached pages, Cloudflare serves them from a node close to the visitor without hitting your server at all. For uncached requests, Cloudflare proxies and optionally optimises the response.

Benefits for Indian websites:

• Cloudflare has nodes in Mumbai, Chennai, and Delhi — visitors get much lower latency than reaching your server directly
• DDoS protection at the network level
• Free SSL via Cloudflare's edge certificates
• Automatic minification of HTML, CSS, and JavaScript
• Security headers

What it does not fix: Slow database queries, poor backend code, unoptimised images. Those need to be fixed at the origin.

What Cloudflare does NOT do to email

Cloudflare proxies HTTP/HTTPS traffic only. It does not proxy SMTP, IMAP, or POP3. Your email will continue to work through your host's mail servers as long as you:

1. Do not proxy your mail.yourdomain.com subdomain
2. Keep your MX records pointed at your host (not Cloudflare)

This is the most common source of confusion. We will handle it step by step.

Step 1: Create a Cloudflare account

1. Go to cloudflare.com and sign up (free)
2. Click "Add a site"
3. Enter your domain (e.g. yourdomain.com)
4. Select the Free plan

Step 2: Review the imported DNS records

Cloudflare will scan your current DNS and import your records. Review these carefully before continuing.

Key things to check:

The orange cloud = proxied. Click the cloud icon to toggle off (grey = DNS only) for your mail subdomain and any other non-HTTP services.

Step 3: Update your nameservers

Cloudflare will give you two nameservers (e.g. anna.ns.cloudflare.com and bert.ns.cloudflare.com).

Update these at your domain registrar:

If your domain is at VillageHosting:

1. Portal → Domains → your domain → Nameservers
2. Replace with the Cloudflare nameservers Cloudflare gave you
3. Save

At any other registrar: Log into the registrar's control panel → DNS/Nameservers → change to Cloudflare's nameservers.

DNS propagation takes 15 minutes to 48 hours. Cloudflare will email you when they detect the nameserver change.

Step 4: Configure SSL mode

In Cloudflare → SSL/TLS → Overview, choose your SSL mode:

Full (strict): Cloudflare connects to your server with SSL, and verifies the certificate is valid. Recommended if your server has a valid SSL certificate (which it should if you are on any modern cPanel host).

Full: Cloudflare connects to your server with SSL, but does not verify the certificate. Use this if you have a self-signed certificate on the server.

Flexible: Cloudflare connects to your server without SSL. This means data travels unencrypted between Cloudflare and your server, even though the visitor sees HTTPS. Avoid this for sites with logins or payments.

Never choose Off or Flexible for WordPress — Flexible mode causes infinite redirect loops with many WordPress configurations.

Step 5: Enable HTTPS redirect

In Cloudflare → SSL/TLS → Edge Certificates:

• Enable "Always Use HTTPS" — redirects all HTTP requests to HTTPS

Also enable "HSTS" if your site has been HTTPS for at least 6 months and you never intend to go back to HTTP.

Step 6: Configure caching for WordPress

Cloudflare caches static assets by default but does not cache WordPress HTML pages (they are dynamic). For WordPress:

Option A: Cloudflare "Cache Everything" Page Rule

1. Cloudflare → Rules → Page Rules → Create Page Rule
2. URL: yourdomain.com/*
3. Setting: Cache Level → Cache Everything
4. Edge Cache TTL: 1 hour

Then bypass cache for logged-in users and cart pages:

Create another Page Rule (higher priority):

• URL: yourdomain.com/wp-admin/* → Cache Level: Bypass
• URL: yourdomain.com/checkout/* → Cache Level: Bypass

Option B: LiteSpeed Cache + Cloudflare integration

If your host uses LiteSpeed (VillageHosting does), install the LiteSpeed Cache plugin. In the plugin settings, enable Cloudflare integration and enter your API key. This lets the plugin purge Cloudflare cache when you publish new content.

Step 7: Enable Cloudflare optimization features

In Cloudflare → Speed → Optimization:

• Auto Minify: Enable HTML, CSS, JavaScript
• Brotli: Enable (better compression than gzip for modern browsers)
• Rocket Loader: Disable for WordPress — it often breaks JavaScript-dependent functionality

In Cloudflare → Speed → Optimization → Image Optimization:

• Mirage: Enable (lazy-loads images for slow connections)
• Polish: Enable (Cloudflare compresses images at the edge) — choose Lossless or Lossy

Step 8: Configure security settings

In Cloudflare → Security → Settings:

• Security Level: Medium (filters obvious bots while allowing legitimate traffic)
• Bot Fight Mode: Enable (free, blocks common bots)

In Cloudflare → Security → WAF:

• The free plan includes Cloudflare's managed WAF rules. Enable them.

Protecting wp-login.php

Add a Cloudflare WAF rule to challenge or block access to wp-login.php from non-Indian IPs (if your admin access is always from India):

1. Cloudflare → Security → WAF → Custom Rules → Create rule
2. Field: URI Path | Operator: equals | Value: /wp-login.php
3. AND Field: Country | Operator: does not equal | Value: India
4. Action: Block (or Managed Challenge for a CAPTCHA)

Common issues after enabling Cloudflare

Email stopped working: You proxied your mail subdomain. Turn the orange cloud off for mail.yourdomain.com in DNS settings.

WordPress is returning mixed content warnings: Some assets are loading over HTTP. Install "Really Simple SSL" plugin or add define('FORCE_SSL_ADMIN', true) to wp-config.php.

Infinite redirect loop: You have Flexible SSL mode with WordPress configured for HTTPS. Change to Full or Full (strict) SSL mode.

Admin changes are not showing: Cloudflare is serving cached pages. In Cloudflare → Caching → Configuration → Purge Everything temporarily, or set up automatic cache purging with LiteSpeed Cache plugin.

Forms not working after enabling Bot Fight Mode: Some form JavaScript is being blocked. Try disabling Bot Fight Mode temporarily to test, then whitelist your specific form endpoints.

Checking Cloudflare is working

After setup:

1. Visit your site in an incognito window
2. Right-click → Inspect → Network → select a request → Headers
3. Look for cf-cache-status: HIT — this means Cloudflare served from cache
4. Also look for server: cloudflare — confirms Cloudflare is active

Check your site speed before and after on pagespeed.web.dev — you should see improvement in TTFB and fully loaded time.

Free vs Pro vs Business Cloudflare plans

The free plan is sufficient for most Indian websites. The paid plans add:

• Pro (US$20/month): Image optimisation, advanced WAF rules, faster support
• Business: Custom WAF rules, priority support, 99.9% SLA
• Enterprise: Custom pricing, dedicated support

For a standard WordPress or e-commerce site in India, the free plan is genuinely very capable. Upgrade only when you have a specific need the free plan cannot meet.