Cloudflare

Overview

The Cloudflare integration lets you manage your Cloudflare-protected domains directly from the WebGPT dashboard. This is especially valuable if you manage many domains — instead of configuring each domain individually in the Cloudflare dashboard, you can apply settings, WAF rules, and SSL configurations in bulk across dozens or hundreds of domains at once.

The integration also includes an analytics dashboard similar to the Google Analytics integration, providing traffic and request data sourced from Cloudflare.

Connecting Cloudflare

You can connect your Cloudflare account using either an API key (account-wide access) or an API token (scoped, limited permissions).

1. Navigate to the Cloudflare integration page. Go to Integrations → Cloudflare and click the Connect button.
2. Choose your authentication method. You have two options:
   • API Key — provides full access to your Cloudflare account. Find it in your Cloudflare dashboard under My Profile → API Tokens → Global API Key.
   • API Token — provides scoped access with only the permissions you grant. Create one in My Profile → API Tokens → Create Token. This is the recommended approach for better security.
3. Enter your credentials. Fill in the required fields:
   • Email — the email address associated with your Cloudflare account.
   • API key or token — the key or token you copied from the Cloudflare dashboard.
   • Account name — a friendly label to identify this connection in WebGPT (e.g., "Main Cloudflare" or "Client Sites").
4. Validate and save. Click Save. WebGPT will validate your credentials by making a test API call to Cloudflare.
5. Domains synced automatically. Once validated, all domains (zones) in your Cloudflare account are synced and displayed in WebGPT.

Cloudflare management tab

The main Cloudflare tab is where you manage your connected accounts, domains, and security settings.

Account cards

Each connected Cloudflare account is displayed as a card showing the account name, email, authentication method, and the number of domains managed. From each card you can sync domains, edit credentials, or remove the connection.

Domain management

All domains (zones) in your Cloudflare account are listed with their current status. You can view each domain's settings and manage them individually or in bulk.

WAF rules management

The Web Application Firewall (WAF) section lets you create, edit, and manage custom WAF rules for your domains. WAF rules protect your websites from malicious traffic, bots, and attacks.

• Create rules: Define custom firewall rules using Cloudflare's expression syntax (e.g., block requests from specific countries, challenge suspicious user agents, allow known bots).
• Expression validation: WebGPT validates your firewall expressions before applying them, helping you catch syntax errors early.
• Edit and delete rules: Modify existing rules or remove them when no longer needed.

SSL/TLS encryption mode

Control the SSL/TLS encryption mode for your domains. Cloudflare supports several modes:

• Off — no encryption (not recommended).
• Flexible — encrypts traffic between visitors and Cloudflare, but not between Cloudflare and your server.
• Full — encrypts end-to-end, but does not validate the origin server certificate.
• Full (Strict) — encrypts end-to-end and validates the origin server certificate. This is the recommended setting for maximum security.

Bulk operations

One of the most powerful features of the Cloudflare integration is the ability to perform bulk operations across many domains at once:

• Bulk WAF rules: Apply the same firewall rule to dozens or hundreds of domains simultaneously. Select the domains you want to target, define the rule, and let WebGPT apply it to all selected zones.
• Bulk SSL settings: Change the SSL/TLS encryption mode across multiple domains at once. This is especially useful when migrating to stricter SSL settings across your portfolio.

Job system and progress tracking

Bulk operations run as background jobs with real-time progress tracking. When you start a bulk operation:

1. WebGPT creates a job that queues all the individual operations (one per domain).
2. A progress indicator shows how many domains have been processed out of the total.
3. Each domain's result is tracked (success or failure) so you can see exactly which domains were updated and which had issues.
4. When the job completes, you get a summary of the results.

Analytics tab

The Cloudflare Analytics tab provides traffic and security data sourced from Cloudflare's analytics, giving you a complementary view to Google Analytics.

KPI cards

Summary cards at the top of the dashboard show key metrics:

• Active domains — domains with traffic in the selected period.
• Unique visitors — total unique visitors as reported by Cloudflare.
• Total requests — all HTTP requests handled by Cloudflare (includes cached and uncached).
• Bandwidth — total data transferred.
• Threats blocked — malicious requests stopped by Cloudflare's security features.

Charts and tables

The analytics dashboard mirrors the structure of the Google Analytics dashboard:

• Trend chart: Visitors and requests over time, displayed as a line chart.
• Top domains chart: A horizontal bar chart ranking your domains by traffic volume.
• Category breakdown table: Metrics grouped by domain categories, showing aggregate data for each category.

Tips and best practices

• Use API tokens over API keys. API tokens let you control exactly which permissions WebGPT has. Create a token with only the zones and permissions needed (e.g., Zone:Read, Firewall:Write, Analytics:Read).
• Link Cloudflare zones to WordPress sites. For the best experience, make sure your Cloudflare domains are also added as WordPress sites in WebGPT. This enables unified views across analytics, content, and security.
• Test WAF rules on one domain first. Before applying a WAF rule to all your domains via bulk operations, test it on a single domain to make sure it behaves as expected. Once confirmed, use bulk apply.
• Monitor job results. After a bulk operation completes, review the results summary to ensure all domains were updated successfully. Any failures will be listed with error details.
• Use Full (Strict) SSL. If your origin server has a valid SSL certificate, always use Full (Strict) mode for the strongest security.
• Multiple accounts supported. If you manage domains across multiple Cloudflare accounts (e.g., for different clients), you can connect each one separately and manage them all from WebGPT.

Troubleshooting

• Invalid credentials: Double-check that you are using the correct email and API key/token combination. API keys are found under My Profile → API Tokens → Global API Key (you need to click "View" and enter your password).
• Missing domains: If a domain does not appear after connecting, make sure it is an active zone in Cloudflare (not paused or deleted). Try re-syncing the account.
• WAF rule errors: If a rule fails to apply, check the expression syntax. Cloudflare expressions have a specific format — the validation feature in WebGPT will highlight syntax errors before you attempt to apply.
• API token permissions: If certain features do not work with an API token, ensure the token has the required permissions. For full functionality, the token needs Zone:Read, Firewall:Write, SSL:Write, and Analytics:Read permissions.
• Bulk operation failures: Individual domain failures during bulk operations are usually caused by zone-specific issues (e.g., a domain in a pending state). Check the error details in the job results and address each domain individually.