diff --git a/webtop/SETUP.md b/webtop/SETUP.md
index 4707609..37366eb 100644
--- a/webtop/SETUP.md
+++ b/webtop/SETUP.md
@@ -46,7 +46,8 @@ Webtop provides a full Linux desktop environment (Ubuntu XFCE) directly in your
 > [!CAUTION]
 > The Webtop container gives anyone who accesses it a passwordless root terminal (`sudo`) *within* the container. You **must not** expose this to the public internet (e.g., via Cloudflare Tunnel) without an authentication layer in front of it.
 
-If you are routing `webtop.chengs.uk` through a Cloudflare Tunnel, follow these steps to secure it with Cloudflare Access:
+If you are routing `webtop.chengs.uk` through a Cloudflare Tunnel, follow these steps to secure it with Cloudflare Access. **CRITICAL: Do this BEFORE adding the public hostname to your Cloudflare Tunnel to ensure zero exposure time.**
+
 1. Go to your **Cloudflare Zero Trust** Dashboard (`one.dash.cloudflare.com`).
 2. Navigate to **Access** -> **Applications** and click **Add an Application**.
 3. Choose **Self-hosted**.