Do Not Put Your Site Behind Cloudflare if You Don't Need To

At the time of writing 12:43 UTC on Tue 18 Nov, Cloudflare has taken many sites down. I'm trying to browse the web, but about half of the sites show an error:

Most of these sites are not even that big. I expect maybe a few thousand visitors per month.

This demonstrates again a simple fact: if you put your site behind a centralized service, then this service is a single point of failure. Even large established companies make mistakes and can go down.

Most people use Cloudflare because they have been scared into the idea that you need DDoS protection. Well, maybe you do, but probably you don't.

As they say in security, "no one will burn a zero day on you!". For your small blog with one hundred visitors per month, it's probably the same: "no one will burn their DDoS capabilities on you!"

I don't know how else to say it. Many people keep talking about the importance of a decentralized web, and then continue putting their site behind Cloudflare.

If you really want to be safe in case your server goes down, then setup a second version of your site at another location and point to that server via the A and AAAA records, see "round-robin DNS".

Maybe that's the core of this message. Face your fears. Put your service on the internet. Maybe it goes down, but at least not by yet another Cloudflare outage.