Need help? Check out our Support site, then

Does block/limit traffic coming through CloudFlare?

  1. I use CloudFlare to manage my content caching, DNS, Google Analytics, etc.

    In the past couple of weeks, when I see an uptick in traffic to my site, I soon find that requests coming through CloudFlare fail with the error that my site ( is offline.

    As soon as I go to CloudFlare and turn off everything but DNS, my site works fine again; if I wait an hour or so, I can turn back on the routing through CloudFlare and everything works fine again (until the next time).

    Does anyone have any thoughts or insights into this behavior?

    The blog I need help with is

  2. I know that Cloudflare itself had some problems last week: it hosted several sites which were attacked and downed, and there may have been a spillover effect to other services like DNS. I'm afraid that's all I can suggest.

  3. Thanks! DNS itself seems unaffected; it's only when traffic flows through CloudFlare for caching and insertion of Google Analytics (and would therefore potentially be seen by WordPress as coming from CloudFlare's IPs) that I have the problems.

    I have not had any issues with this setup in the past six months, so it's strange for either services to be acting strangely now—whether this is caused by WordPress or CloudFlare.

  4. softwaretrading

    I've started experiencing the same thing starting on Friday. I raised a ticket with cloudflare, and they are saying that is not allowing them to view the latest version of the pages. Let me know if you come across a solution to this problem (other than turning off cloudflare), as I find cloudflare's google analytics to be very useful and their cacheing to work reasonably well too, in terms of performance.

  5. I'll definitely post here if I find an actual resolution, but so far it's just a bunch of finger pointing. :)

    What's fascinating is that I have two other sites with traffic flowing through CloudFlare; each of those sees fewer than 50 hits per day and they never seem to be affected.

  6. Based on the notes in the now-closed thread referenced above, it is worth noting that in my DNS configuration on CloudFlare, I have tried both A record DNS entries for and CNAME record entries pointing to I currently have it set so that is a CNAME of, and nslookup returns the same results for and

    All of the entries I've tried work perfectly for actual name resolution, so I don't think it's simply a "WordPress does not provide static IP addresses" problem or anything of that nature. The problem only occurs when traffic to goes through the CloudFlare servers so they can inject the Google Analytics scripts.

    It's also worth noting that anyone using CloudFlare for their DNS and traffic management is necessarily a paid upgrade user on, since otherwise we'd have no custom domain mapping to work with.

  7. Wow, I didn't realize that these forums don't allow inline code using the backtick. Sorry for that horrific formatting; I was just trying to highlight domain names and their settings, not create a column of unreadable text.

  8. Posting a screenshot for Staff may be the way to go. Please post screenshot, upload it to your Media Library, and return to this thread to provide the file name so Staff can examine it.

  9. The backticks here are for displaying html code. Your use was not actually html code. Did I fix it properly?

  10. Screenshot of ... what? Current settings? Errors caused by potentially bringing my site offline by turning CloudFlare back on?

    Let me know what the screenshot should contain, and I'll be happy to provide it.

  11. I think she was referring to your code. Did I fix it properly?

  12. Yep, 1tess, that's much better. Thanks!

    (I was instinctively using StackOverflow formatting, where backticks let you mark a word or phrase of text as code "inline," without setting it off as its own code block.)

  13. softwaretrading

    By the way, I have disabled cloudflare (currently only using it for DNS resolution), and I am still getting timeouts. I'm monitoring my uptime with pingdom (as always).

  14. softwaretrading

    To be precise, I've had 11h30m downtime during the last week starting with Feb16, with 81 failures (93.55% uptime over the last 7 days). Happy to upload a screenshot of my pingdom monitor if it helps.

  15. softwaretrading

    Hi there is there any update on this?

  16. No there's isn't and there's another thread waiting for Staff as well here >

  17. I'd like a resolution to this as well, as my site was taken down for a couple of days due to this issue. Had to turn Cloudflare off entirely.

  18. We can't really support Cloudflare here, as we only support domain mapping via name servers. We do not have static IP addresses, which makes pointing Cloudflare to your blog (via an A record to an IP address) problematic at best.

    To explain briefly, we have a growing number of datacenters with thousands of servers between them. is already built on top of a cloud architecture, so when one server goes offline, everything is routed over to another transparently. When your domain is mapped to us by name servers, this all happens automatically.

    With Cloudflare, you're directing the domain to one IP. If that server/IP goes offline, so does your site, there's nothing we can do about that.

    There's a bit more involved, but that's the short version.

    If you want consistent performance with a mapped domain on, you'll need to direct the name servers to us.

  19. softwaretrading


    What I don't understand is why this worked (support for cloudflare) for quite a while, and then suddenly just stopped.

    Moreover, even with cloudflare turned off to prevent any potential conflicts, my site availability was 69% and 72% (EU and US) over the past week, despite being pretty much 100% for a long time.

    I've been a blog owner here for a number of years with minor paid upgrades, referred many times, and I've never seen anything close to this.

    If you don't want to support cloudflare, is there any plan to use something like nginx to speed up the sites, as response times on their own so-so. This is important not only from the point of view of SEO but also blog reader experience.

    Is there any way that we can get a few IP addresses to put into cloudflare, to bypass the DNS problem, and see if that is good enough to keep this going?


  20. What I don't understand is why this worked (support for cloudflare) for quite a while, and then suddenly just stopped.

    It looks like we retired the IP address that you had your A Record directed to. As is a cloud-based infrastructure, we cannot guarantee 100% uptime for every server or IP, but we can guarantee fairly solid uptime for the entire system as everything can easily fail-over to another server/IP. If you're mapping to a specific IP, you'll be left behind when that happens.

    Your name servers are directed to Cloudflare, so your DNS is controlled by Cloudflare. We can't control where your connection goes if it's directed to a single IP, even if that IP has been retired. If you direct your name servers to us, we have control over the DNS, and that's how we can redirect everything if a server or IP goes offline.

    Moreover, even with cloudflare turned off to prevent any potential conflicts, my site availability was 69% and 72% (EU and US) over the past week, despite being pretty much 100% for a long time.

    Turning off Cloudflare's features don't change anything. If your name servers are still directed to Cloudflare, it means you're directed to a single IP here via an A Record, and that leaves you open to the same problem described above.

    If you don't want to support cloudflare, is there any plan to use something like nginx to speed up the sites, as response times on their own so-so. actually runs on nginx.

    Is there any way that we can get a few IP addresses to put into cloudflare, to bypass the DNS problem, and see if that is good enough to keep this going?

    No, there are over a hundred of them, and we cannot guarantee their availability. We can pretty much guarantee the availability of the entire system and its fail-overs (moving traffic to another server when one fails), but we cannot guarantee the availability of one single component, which is why mapping to a single IP via A Record is a very bad idea.

  21. There is a difference, of course, between "not supported" and "actively blocked."

    If WordPress does not support off-site DNS but does not actively block traffic coming through CloudFlare, the problem is with CloudFlare and we assume all risk for traffic routing because we choose to host our DNS entries in a non-recommended manner.

    Even today, if we set our DNS entries on CloudFlare but do not enable any CloudFlare services, traffic flows to the blogs perfectly. This is true whether we use multiple A records or simply set a CNAME pointing to

    When CloudFlare services are activated, all traffic to our blogs goes first through the CloudFlare servers for caching, additional statistics, etc., which means that it would appear to as though it were originating from the CloudFlare servers.

    Or, depending on the type of malevolent traffic detection being used, it may appear to that the request is being spoofed.

    What we're trying to identify, since this problem is so new (remember that it has worked flawlessly for months for all of us), is whether servers are seeing the traffic from CloudFlare as potentially malevolent (or in violation of some terms of service) and actively blocking it. If so, we can either work toward or resolution or have explicitly state, "We do not allow traffic that comes from CloudFlare because [it triggers our network protection systems too easily|it violates TOS | we just don't like it]." All of those are okay, so long as we know the policy and can make an informed decision.

    If, on the other hand, you tell us "We do not and cannot support off-site DNS or services such as CloudFlare, but we do not block such traffic, either. If you choose to use CloudFlare, you are on your own for issues related to your domain's traffic," then we know that it's time to push back on CloudFlare and let them know that you are NOT blocking traffic from their servers, and it's time to point the finger away from and back at them.

    Can you please help us determine which of those two is closer to the official stance, so we know what to do next?

    Many thanks,
    Brian Lewis

  22. Ah, looks like you replied while I was typing. I think that you've pretty well hit on what I was asking.

  23. You're welcome!

    Just to clarify in case anyone else stumbles across this, we don't block Cloudflare, but the IP address you were mapping to was retired.

    So, it wasn't blocked, it was just going quite literally nowhere.

  24. @macmanx
    Thanks for the clarity. Bookmarked.

  25. You're welcome!

  26. softwaretrading


    What if is a cname, as mentioned by @sparkanthology? Apologies, I don't understand DNS in that much detail. This is actually how cloudflare suggest that this be done in their FAQs. Is lb the server that got retired? Could that work in theory, without being too disrputive to the approach you are using?


  27. That's the same issue, in this case it's directed to a single server, not a single IP. It's just as bad though.

    We don't support using CloudFlare for your site, for several reasons:

    1. Their method of pointing your domain to your site requires using an IP address or specific server, which we don't support. Your site does not have a static IP address or specific server. Instead, requests to load your site are shifted between several IP addresses and servers in order to balance the demand on servers. This means that specifying an IP address or server won't work.

    2. The features of their cloud-based infrastructure simply duplicate the infrastructure already being provided to you by, such as:

    * CDN's (Content Delivery Networks) that deliver your site content from the location closest to your visitor
    * Caching/optimizing files for faster loading times
    * Security measures protecting your site from denial of service attacks and other forms of hacking/malware
    * Site stats, including search engine terms and incoming link referrers, that are easier to read than Google Analytics

    You can direct your domain back to your blog by changing your name servers to:


    If your domain is registered with us, you can change your name servers following this guide:

    If there are other features you were interested in using via CloudFlare, besides the ones listed above, can you let me know more about what you're trying to do? I'll be happy to help you learn more about the equivalent feature on

  28. The single most important feature (to me) enabled by using CloudFlare is Google Analytics. It provides a very different perspective into traffic statistics, and allows me to do detailed traffic-flow exploration that is simply not possible with WordPress site statistics (which I also use daily, as an overview).

    WordPress statistics are improving; the addition of "Number of Visitors" was a huge step forward. However, they're no match for the insights I gain with Google Analytics.

  29. Yes, that's one of the very few things that we can't match at this time. We are working to improve stats though, and exploration-related stats are on the roadmap.

Topic Closed

This topic has been closed to new replies.

About this Topic