Kinsta includes a free Cloudflare integration on all plans. Rather than running a separate Cloudflare account, Kinsta proxies every domain through Cloudflare’s enterprise network automatically – so once enabled, your site benefits from CDN caching, DDoS protection, and free SSL at no additional cost. Here is how to enable it on a domain that already exists in your account, verify the setup is working, and fix common issues that come up during activation.
What Does Kinsta’s Cloudflare Integration Include?
Before going through the steps, it helps to know what you are enabling. Kinsta’s built-in Cloudflare integration includes:
- Enterprise-tier CDN – Static assets are cached across Cloudflare’s global network and served from the nearest location to each visitor.
- Free SSL certificates – Cloudflare automatically issues and renews SSL for every domain, including wildcard subdomains.
- DDoS protection – Cloudflare filters and absorbs volumetric attacks before they reach your Kinsta server.
- HTTP/2 and HTTP/3 support – Both protocols are enabled automatically, which improves load times for visitors on modern browsers.
- Argo Smart Routing – Traffic is routed through Cloudflare’s optimised network paths rather than the public internet.
All of this is included in every Kinsta plan at no extra cost.
Step 1 – Start Cloudflare Domain Configuration in MyKinsta
.png)
Log into your MyKinsta account and navigate to Sites > Your Site > Domains. You will see each domain currently attached to that site. Next to the domain you want to configure, click the Get Cloudflare button. This opens the Cloudflare domain configuration modal, which walks you through the remaining steps.
If the domain is already pointing to your Kinsta site IP, verification is skipped and you can move straight to Step 3. If not, proceed to Step 2.
Step 2 – Verify Domain Ownership
If your domain is not yet pointing to Kinsta, you need to verify that you own it before Kinsta adds it to Cloudflare’s network. Kinsta provides you with two DNS TXT records. Log into your domain registrar or DNS provider and add both records exactly as shown.
The records are typically formatted as:
Type: TXT
Hostname: the value provided by Kinsta (usually a Cloudflare custom-hostname string)
Value: a unique verification string provided in the modal
Once added, return to MyKinsta and click OK, I’ve Done It. Kinsta and Cloudflare check for the records in the background. DNS propagation can take anywhere from a few minutes up to 24 hours depending on your provider’s TTL settings. You do not need to wait on the page.
Note: the verification hostname will include a string like kinstavalidation or a Cloudflare custom-hostname UUID. This is normal – it is the token Cloudflare uses to confirm your domain is authorised for the custom hostname system Kinsta uses internally.
Step 3 – Point Your Domain to Kinsta
Once domain ownership is verified, MyKinsta displays the Point Your Domain to Kinsta modal with a Site IP Address. This is the Cloudflare edge IP assigned to your Kinsta site – not a bare server IP. All traffic routed to this address passes through the Cloudflare network before reaching your Kinsta server.
Go to your DNS provider and update the A record for your root domain to point to that IP address. If you want the www subdomain to go through Cloudflare as well – which is recommended – update the A record for www to the same IP.
Once your DNS change propagates, return to MyKinsta and click OK, I’ve Done It. Kinsta confirms when the domain is successfully using the Cloudflare integration.
After Setup: What to Expect
Once enabled, a Cloudflare badge appears next to the domain in your MyKinsta Domains section. SSL is issued automatically by Cloudflare – no manual certificate configuration is needed.
Visitors to your site are now served through Cloudflare’s edge network. Static content is cached globally, dynamic WordPress pages are served from your Kinsta server, and the Cloudflare layer handles DDoS filtering and SSL termination upstream.
How to Verify the Integration Is Working
Once you have clicked OK, I’ve Done It and DNS has propagated, check these three things to confirm the integration is active:
- MyKinsta badge – A Cloudflare icon appears next to the domain in Sites > Domains. If it is still showing a warning, DNS has not fully propagated yet.
- Response headers – In your browser DevTools (Network tab), load your site and look for the
cf-rayheader in the response. Its presence confirms traffic is passing through Cloudflare. - SSL certificate issuer – Click the padlock in your browser and check the certificate. It should be issued by Cloudflare, Inc., not Let’s Encrypt or another authority.
Troubleshooting Common Issues
A few problems come up regularly when enabling the Kinsta Cloudflare integration on an existing domain.
The “Get Cloudflare” button is not visible: This usually means the domain was added to your Kinsta site but was not set as the primary domain. Check that the domain appears correctly in the Domains tab. If you recently added it, wait a minute and refresh the page.
Verification is stuck or keeps failing: The TXT records may not have propagated yet, or they may have been entered with extra spaces or incorrect formatting. Use a DNS lookup tool such as dnschecker.org to confirm the TXT record is visible globally before clicking OK, I’ve Done It again.
SSL errors after enabling Cloudflare: If you see an SSL error on your site immediately after enabling the integration, check whether your origin server has a valid SSL certificate installed. Kinsta provisions origin certificates automatically, but if the domain was previously using a Let’s Encrypt certificate that has now expired, you may need to force an SSL renewal in MyKinsta under Sites > Your Site > Tools.
You already have this domain in a personal Cloudflare account: If the domain is currently proxied through a personal or agency Cloudflare account, you must remove it from that account first. Go to your Cloudflare dashboard, find the domain, and either delete it or set the DNS records to DNS-only (grey cloud). Two Cloudflare proxy layers on the same domain will cause a DNS loop and the integration will not work. After removing the domain from your personal account, restart the setup process in MyKinsta.
Final Word: How to Enable Kinsta’s Cloudflare Integration
Enabling the Cloudflare integration on an existing domain in Kinsta takes three steps and typically completes within a few minutes once DNS propagates. The integration brings enterprise CDN, DDoS protection, and automatic SSL at no additional cost – making it one of the most straightforward performance improvements available within the MyKinsta dashboard. If your domain uses multiple wildcard A records, there are additional DNS steps to complete before verification can proceed. If this is part of a client handover, see our guide on transferring the Kinsta account to your client once the configuration is complete. To measure the server-side impact of the integration, use the Kinsta APM tool to compare PHP transaction times before and after enabling Cloudflare.
