We know our servers much better here than anyone on Cloudflare

You don’t have a bank but a blog!
Nor is your site a desirable target for hackers in the sense that someone will invest in expensive equipment and tap (eavesdrop on) the fiber optic cable over which Cloudflare communicates with the origin.
They “will” hack you in other ways that are much simpler.

The main reason I recommended not using a CA cert
is that you don’t have to make it by hand every three months;
instead you can use a self-signed cert that lasts longer than 10 years if you wish.

Certificates provide privacy (protection of the data in the communication),
not some magical defense against hacking.

FULL instead of FULL (Strict) is more than enough for your needs.


Absolutely! I’m not a bank! :laughing: Wait a minute… what if I installed WooCommerce and clients began putting in their bank details?




The fact that there is a self-signed certificate in the communication between CF and the hosting does not mean that this communication is not encrypted.

The difference is basically who issued that certificate.

If it was issued by an independent third party, more trust is given to it than if you did the certification yourself.

Browsers trust a third party and not a self-signed one,
but here the browser has no role.

The browser (visitor) communicates with Cloudflare (and is only interested in the certificate that Cloudflare generated; let’s call it the external certificate),
while for the (internal) communication between CF and the server
that self-signed certificate is used, which does the encryption as well as any other certificate.

I don’t want to be misunderstood and come across as being against anything you wanted to do :slight_smile:
I just get the impression that too much attention has been paid to one segment
while I’m sure there are many more important things to do.

For example:
protect your hosting account with 2FA;
WordPress is also the most attacked CMS
and you need to know how to administer it;
piles of plugins for WP have security holes;
your device or the user’s device may contain malware;
how well your email is protected;
and so on.

It’s like when someone buys an expensive car that is advertised as having the safest protection against theft,
with huge encryption, cameras and whatnot…
and then someone comes along, lights a newspaper and throws it under the car;
the car thinks it’s on fire because the smoke detector sensed it,
so the car unlocks all the doors, and the thief gets in and drives away with that car.

In short… there are always simpler ways.

btw, I’m not sure, but I think WooCommerce doesn’t support the cert from Cloudflare :upside_down_face:
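As an added example, not from any post in this thread: the shell script below generates the kind of long-lived self-signed origin certificate the post recommends and shows what a strict (CA-validated) check rejects about it versus what still works. The hostname and file paths are placeholders, and it assumes the openssl command is installed.

```shell
#!/bin/sh
# Added example, not from any post in this thread. Generates a ~10 year
# self-signed origin certificate (as the post above suggests) and shows that
# a strict check only changes whether the issuer is trusted, not whether
# the key pair can encrypt. Hostname and paths are placeholders.
set -e

WORK="$(mktemp -d)"
HOST="origin.example.invalid"   # placeholder, not a real site
CRT="$WORK/origin.crt"
KEY="$WORK/origin.key"

# Self-signed certificate valid for 3650 days (about 10 years).
make_self_signed() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 3650 \
    -keyout "$KEY" -out "$CRT" -subj "/CN=$HOST" >/dev/null 2>&1
}

# What a "Full (Strict)"-style check does: the chain must end in a CA the
# client trusts. A self-signed cert is in no public store, so no ": OK".
verify_against_public_cas() {
  openssl verify "$CRT" 2>&1 | grep -q ': OK$'
}

# Pin the cert as its own trust anchor and it verifies fine: the
# certificate is well-formed, only its issuer is untrusted.
verify_pinned() {
  openssl verify -CAfile "$CRT" "$CRT" 2>&1 | grep -q ': OK$'
}

# The private key must match the certificate's public key or TLS
# (strict or not) cannot complete a handshake at all.
key_matches_cert() {
  [ "$(openssl x509 -in "$CRT" -noout -pubkey)" = "$(openssl pkey -in "$KEY" -pubout)" ]
}

# Succeeds if the certificate is still valid $1 seconds from now.
still_valid_after() {
  openssl x509 -in "$CRT" -noout -checkend "$1" >/dev/null 2>&1
}

make_self_signed
key_matches_cert && echo "key and cert match"
verify_against_public_cas || echo "public-CA verification fails: this is what Strict rejects"
verify_pinned && echo "pinned verification OK: the cert itself is sound"
still_valid_after 300000000 && echo "still valid ~9.5 years from now"
```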


Very true, I was putting a lot of effort into something that was settled long ago. If only I knew. Luckily I’ve been able to accomplish other tasks: WP security, professional email, and now that you reminded me, 2FA should be next. Any help is welcome. Kindest regards.


