At least for DDoS by attacker who use Tor network, it can be mitigated by enabling PoW feature.
Only for onion service though. Forum would have to have a onion version and Tor users have to surf using that only.
In general, for the clearnet version, CloudFlare would still be a necessity. For VPN users, CloudFlare challenge probably wouldn't be too much of a difficulty for them. They aren't abused as badly, but I'm not sure if CloudFlare specifically labels them (I know they do for Tor). Saw your quote as well, I guess we wouldn't be shifting away from CloudFlare any time soon.