Edge (Cloudflare)
Connect a Cloudflare account to see edge analytics, monitor SSL, purge cache, and toggle Under-Attack mode.
The Edge feature connects your workspace to Cloudflare so you can watch edge traffic and take basic protective actions from FleetWP. It's a paid feature and talks directly to the Cloudflare API — not through the WordPress connector.
Connect Cloudflare
On the fleet Edge page, connect using a scoped Cloudflare API token (never the Global API Key). FleetWP stores the token encrypted and keeps only the last four characters for display. One connection serves the whole workspace and can reach every account and zone included in the token's resource policy; individual sites can carry a per-site token override for client-owned Cloudflare accounts the workspace token can't reach.
Create a custom token with these permissions:
| Scope | Permission | Access | Used for |
|---|---|---|---|
| User | User Details | Read | Identifying the user who created the token |
| Zone | Zone | Read | Discovering and mapping zones |
| Zone | Analytics | Read | Traffic, cache, and threat analytics |
| Zone | SSL and Certificates | Read | Edge-certificate expiry monitoring |
| Zone | Cache Purge | Edit | Purging a site's cache |
| Zone | Zone Settings | Edit | Reading and applying security baselines and toggling Under-Attack mode |
| Zone | Zone WAF | Edit | Reading and deploying FleetWP custom firewall rules |
| Account | Account Settings | Read | Importing account audit logs into the activity feed |
For an agency-wide connection, set Account Resources to All accounts and Zone Resources to All zones. FleetWP discovers zones across every account the token can access. To limit the integration, select only the accounts and zones the workspace manages. A per-site override token needs the same zone permissions, restricted to that client's zone; include the account permission only if account audit-log ingestion is needed for that token.
FleetWP does not need DNS permissions.
Map sites to zones
FleetWP can auto-map sites to Cloudflare zones by apex domain, or you can set a zone per site manually. Each site maps to one zone.
What you get
- Analytics — request and threat volume per zone, rolled up on the Edge page and shown per site.
- SSL monitoring — the edge certificate's expiry date, with a countdown.
- Purge cache — clear the zone's cache in one click.
- Under-Attack mode — toggle Cloudflare's heightened security level for a zone.
Alerts
A cron refreshes analytics every few hours and raises an edge alert on a
threats spike (a large jump in blocked requests versus the prior sample). It
also ingests Cloudflare account audit logs into your activity feed.
Edge does not manage DNS by design — it's read/monitor plus the two protective actions above.