There are many good alternatives (Imperva, Sucuri, AWS Shield, DDoS-Guard and such), but people choose Cloudflare because it's free and straightforward to setup. The most cheap and secure alternative is to buy a ~5$/mo VPS from a top-tier provider like OVH or Hetzner (that include DDoS protection) to use it as a reverse-proxy along with a Let's Encrypt certificate. That's how some privacy-related projects avoid using Cloudflare while keeping their clearnet resources operational and protected.