Right now most WMCS things (specifically, public IPs associated with VMs and all that flows from that) are not covered by wikiland's cloudflare protection. The only WMCS thing that /is/ covered is our DNS, and that's mostly an accident of history.
What would be involved in moving all the WMCS IPs behind cloudflare? What are the upsides, and what are the downsides?