In 2015 we began activating Cloudflare on client website hosting accounts. Cloudflare is a cloud platform designed to improve website performance and protect websites against online threats. They offer a free tier and also paid services - we were activating the free service. Our upstream website hosting provider added a plugin to cPanel, which enabled us to manage Cloudflare directly from within the cPanel hosting account.
Over time we've examined the benefits or otherwise in utilising this free Cloudflare service. There are a number of issues relating specifically to Australian websites and the free Cloudflare plan, which are outlined in this 2017 article "The declining value of Cloudflare in Australia".
In essence, that article explains that Australian ISPs (looking at you, Telstra & Optus) are charging far above global industry norms for traffic, with the result that Cloudflare decided to route most Australian traffic on their free tier plans through an international point of presence, usually Singapore or the United States. This results in slower website experiences for Australian visitors to your Australian website, because the site has to load via Singapore or the US.
Recently our upstream hosting provider announced they were removing the Cloudflare plugin from cPanel hosting accounts. They explain that the plugin is not being maintained, which causes them technical issues, and cite "many of our customers have found increasingly diminished value in using Cloudflare". Being able to manage Cloudflare via cPanel was extremely simple when managing multiple hosting accounts, so no longer having access to this just means more places to login to manage changes.
Last week we removed Cloudflare from a client site, as we were experiencing a different issue around DNS settings. Removing Cloudflare simplified the DNS issue, and there was no significant difference in website access speed. At the same time we activated LiteSpeed Cache, which is enabled on the hosting servers and has a specific installation for Joomla websites. This configuration change has resulted in a better and faster experience on that website for Australian visitors.
Our hosting provider also utilises a variety of enhanced security features including hardware firewalls, dynamic mod_security rules and Corero DDoS Mitigation, which provide a similar type of online threat protection as Cloudflare does, so we feel that removing Cloudflare does not make a website hosted by us any less secure than it would be with Cloudflare.
In the coming weeks we will assess each client site and ascertain whether to persist with Cloudflare or not. Essentially, if a website is primarily Australian-facing, there is probably little if any benefit in utilising Cloudflare. If a website is international-facing, free Cloudflare may still be appropriate, or we may need to explore paid options. Some websites may have been configured with a "partial zone" and would now be better suited to a "full zone" setup so they can be fully managed within Cloudflare.com. Any of these options may require configuration changes, which may or may not have a short term impact on the website. If your site may be affected you will be advised accordingly, and the required changes made at a time with the least impact to your business.
If you have any questions, please contact us or drop a comment below.