View Categories

Cloudflare Setup

2 min read

To use the WAF (Web Application Firewall) features, you must first link Ultimate Security with your Cloudflare account. This allows the plugin to manage your security zones and deploy protective rules automatically.

Enable WAF Rules

Before configuring your connection, you must activate the WAF rule management engine within the plugin. Enabling this allows the plugin to handle rule deployment, configuration, and traffic analytics.

How to Enable It

  1. Navigate to Ultimate SecurityWAF RulesCloudflare Setup from your WordPress admin sidebar.
  2. Locate the Enable WAF Rules toggle switch.
  3. Click the toggle to turn it on.

Connecting Your Cloudflare Account

To manage your rules, you need to link your Cloudflare account under the Connect Cloudflare Account section. First, provide a general label for your reference:

  • Account Name / Label: Enter a friendly name to identify this specific Cloudflare account (e.g., “Main Account” or “Client Admin”).

Next, choose one of the three authentication methods below to complete the connection.

Method 1: API Token

What It Is

The API Token method is the most secure way to connect your site to Cloudflare. Instead of exposing your master password, it uses a scoped token that grants our plugin only the specific permissions required to deploy WAF rules.

How to Configure It

cloudflare account setting in ultimate security
  1. Under Authentication Method, select API Token.
  2. API Token: Paste your unique Cloudflare API token into the field. Required Permissions: Your token must be created in your Cloudflare dashboard with these exact scopes: ZoneWAFEdit and ZoneZoneRead.
  3. Token Duration: Choose how long you want to keep these credentials securely stored from the dropdown menu.
  4. Click Verify & Save to validate the token permissions.

Method 2: Email + Global API Key

What It Is

The Email + Global API Key method connects your site using your master Cloudflare credentials.

email and global API key settings in ultimate security

Security Note: While fully operational, using a Global API Key grants full administrative access to your entire Cloudflare profile. For optimal security.

How to Configure It

  1. Under Authentication Method, select Email + Global API Key.
  2. Cloudflare Account Email: Enter the exact email address linked to your Cloudflare profile.
  3. Global API Key: Paste your master Cloudflare Global API Key into the field.
  4. Token Duration: Choose your preferred credential storage timeframe from the dropdown menu (e.g., Forever).
  5. Click Verify & Save to authenticate the connection.

Method 3: OAuth

What It Is

The OAuth method authenticates with the Cloudflare API via a self-managed OAuth application. This establishes a securely scoped integration without sharing any raw account passwords or master keys.

OAuth Clients settings in ultimate security

How to Configure It

  1. Under Authentication Method, select OAuth.
  2. Client ID: Paste the Client ID from your self-managed application.Where to find it: In Cloudflare, go to Manage AccountOAuth Clients.
  3. Client Secret: Enter the unique secret key issued for your OAuth client. Treat this entry with the same security as a password.
  4. Access Token: Paste the bearer token generated after user authorization.
  5. Refresh Token (Optional): Enter the refresh token. Providing this is recommended so the plugin can seamlessly fetch a new access token when the current one expires.
  6. Token Duration: Set your credential storage duration using the dropdown menu (e.g., Forever).
  7. Click Verify & Save to authorize the application connection.

Finalizing Changes

After completing your chosen verification method, notice the Unsaved Changes warning bar at the top or bottom of your screen.

Click Save Changes to write your configurations permanently. You can add multiple separate Cloudflare accounts to this interface and switch between them at any time.

Quick Guide: How to get your API Token

If you aren’t sure where to find your credentials, follow these three steps:

  1. Log in to your Cloudflare Dashboard.
  2. Navigate to My Profile > API Tokens.
  3. Create a token using the “Edit Zone DNS” template or a custom token with the permissions mentioned above (WAF Edit, Zone Read).
  4. Copy the token and paste it back here in the Ultimate Security settings.

Managing Multiple Accounts

Ultimate Security supports multi-account management. You can add multiple Cloudflare accounts and switch between them at any time to manage different security zones without leaving your WordPress site.

Leave a Reply

Your email address will not be published. Required fields are marked *

Scroll to Top