Cloudflare is designed to protect your website from many types of malicious online activities such as:
- web software vulnerabilities
- SQL injections
- spam comments
- cross-site attacks
- brute-forcing
These are always enabled by default for the service so there is no need for any manual activation on your end.
You can manage the security level of the Cloudflare service from your Cloudflare Dashboard -> Security > Settings.
Cloudflare has an internal method of assigning a threat score to each IP which can be from 0 to 100. Here is what the different security levels mean:
- High – Threat scores greater than 0 will be challenged.
- Medium – Threat scores greater than 14 will be challenged.
- Low –Threat scores greater than 24 will be challenged.
- Essentially Off – Threat scores greater than 49 will be challenged.
The recommended option is Medium, but if you notice any suspicious activities towards your website you can increase the security level to High.
The I’m Under Attack option is to be used only when your website is under a DDoS attack. You can find more information about it in this article.