Anything that adds a layer of protection will have the opposite effect - it will slow your site down. The mere fact that something has to be checked against a list/database or whatever adds additional processing wich has to have an affect on your site. I will accept that probably in most cases the difference will be indeterminable.
Cloudflare adds both performance and security to a site, especially in the global context. They have datacenters across the globe and can serve cached content from them. This also reduces the load on your own server increasing it's performance. As far as the added security there is numerous features that can be deployed, some of the easily like blocking known bad bots to more difficult implementation like firewalling all traffic to your server except for Cloudflare IP's. It's a a tool and like any tool you need to know how to use it.
phpBB3 has an excellent track record but telling someone that no additional security is needed based on that is very poor advice. In addition to potential exploits in phpBB in the future there may be other software running either as web application or server application that may be exploited. phpBB cannot protect against this:
Code: Select all
I use Cloudflare on my site, I cannot speak about their free option because I used paid version. My site came under a DDOS attack a few years back, twice in two weeks. Without a service like theirs you are pretty much toast if such an attack is carried out on your own site. It's not difficult for someone to do this, it only requires a small amount of cash if you piss someone off. To fully implement such protection requires substantial amount of server configuration so if you are on shared host it's probably pointless.