I use the free plan of Cloudflare for a personal site and find it useful for the CDN, analytics, SSL and DNS.<p>One thing that bothers me is the cost of these benefits: all traffic is decrypted at their servers. Is it something to be worried about for the average user? (Data stolen while passing through their servers)<p>Maybe I am paranoid, but is it a good option for sites that deal with payment data?
I've always seen cloudflare as a panacea for horribly written websites that need to handle high traffic. A good framework can crank out like 200k requests per second on normal hardware. If you're using something like PHP for a high load site you're asking for trouble and cloudflare might save you from a rewrite.<p>Their core service is DDoS protection, but the reality is that these attacks are rare and usually small. Most people using cloudflare could save money by just running their own Nginx/varnish reverse proxy. Cloudflare for the most part is just an http reverse proxy, and I've heard they just use nginx internally to do it.<p>I worked at a software/IT consultancy and some of our clients ran controversial political sites. Lots of them. They were surprising never "attacked" with more than a few hundred requests per second. In fact, none of the few hundred sites we ran was ever attacked while I was there. The only ones that went down a lot were wordpress based sites that could only handle like 7 requests per second past the cache. We ran cloudflare on some of these, but only so it wasn't our fault when they inevitable crashed from xmlrpc bots and other primitive garbage.