Running s2Member (Pro) with Cloudflare

Cralamarre · 1 November 2022 21:13

My hosting company is recommending that I switch my DNS to Cloudflare. Does s2Member Pro work with Cloudflare, and are there any settings I would need to change? Would my PayPal settings still work? Thanks in advance!

clavaque · 3 November 2022 22:26

Hi Stephen,

I don’t know that you need a special configuration… We use ClouFlare for our websites.

com%20WP%20Sharks%20Account%20Cloudflare

Cralamarre · 5 November 2022 21:16

Thanks Cristian. Is there not an issue with Cloudflare reporting all visitors as originating from the same IP? Or is that an old issue? And if I can ask one more question, did you need to install the Cloudflare WP plugin to get things working? Thanks!

clavaque · 6 November 2022 10:39

No, we don’t use a plugin for CloudFlare… I haven’t noticed that IPs issue.

Cralamarre · 6 November 2022 12:47

I’m guessing your web server has a Cloudflare module like mod_remoteip installed that overrides Cloudflare’s IP with the originating IP? Otherwise all visitors to the site would use Cloudflare’s IP, which would quickly lead to everyone being locked out of the site due to too many login attempts.

bopters · 4 December 2022 03:52

Agreed. This would happen without the Cloudflare plugin or server config since all visitors would be randomly spread across (by location) Cloudfare’'s dozens of IPs. Unless, of course, the visitors are randomized across those IPs and IP security doesn’t kick in.

Cralamarre · 7 December 2022 01:04

Just switched my DNS over to Cloudflare and everything is working great. Tested logins and a membership purchase with s2Member with no problems. My server does have mod_remoteip running on it which I think is why the original IPs are being logged. But so far so good. Thank you for answering my questions!

Cralamarre · 7 December 2022 17:56

Just in case anyone is searching for this topic in the future, Cloudflare has an option to run in “DNS Only” mode which turns off the proxies and points traffic directly to your website’s IP. You’ll miss out on all the speed improvements and security features Cloudflare offers, but it will eliminate the possibility of you and all your members sharing the same Cloudflare IP and being locked out of your site due to too many incorrect login attempts.

Even if you run Cloudflare in proxy mode, it appears that Cloudflare does randomize visitors across its IP’s. So the chance of everyone being locked out at once seems minimal.

bopters · 11 December 2022 01:36

Unless, perhaps, you’re running a highly local site, all of your visitors use the same proxy, and there is more IP sharing. I don’t claim to know how CF manages IPs, but it seems more likely to occur than globally-distributed site users.

thesimarchitect · 8 January 2023 13:22

There’s ways to set up Cloudflare to forward the real users’ IPs so you can have that information on your wordpress etc.

I forgot how but there’s tutorials and they work for both Apache and Nginx.

Also, rocket loader breaks many things, it’s the culprit 90% of the time, in case anybody faces issues. Not only with payment forms but also many other things, including ads.