APO with both wordpress and non-wordpress content

I host both wordpress and non-wordpress content on my domain sacu-student.com

www.sacu-student.com = Wordpress
my.sacu-student.com = Not Wordpress

Will turning on APO impact my whole domain or can it be configured to just impact my wordpress content?

Big thanks

Steve

Good question. It looks like it will cache both, as APO does not need the plugin to work.

I see ‘www’ shows a HIT for the main page, but ‘my’ does not. I’m not seeing the expect APO response headers on www. Are you using APO? Or something else?

1 Like

Thanks for responding.

I have installed the Cloudflare WordPress plugin but not enabled APO yet, as I don’t want the my.sacu-student.com domain to be impacted by this…

So I thought I would ask here first.

1 Like

As I’m watching others tinker with APO, it looks like Cloudflare recognizes the presence of WordPress. So it makes me wonder if it will ignore subdomains that don’t have WordPress installed. I don’t have a suitable test domain for this, so I can’t tell if this is the case or not.

I have also one question before we activate the WordPress plugin on our clients website : https://www.techwibe.com/ will the websites show some insecure content after activating the WordPress plugin ? We have seen an issue on this WordPress support page : https://wordpress.org/support/topic/apo-setting-serves-website-insecure-and-other-issues/ . It says resolved there but we haven’t seen any official CloudFlare reply

At the moment we bypass APO logic on all subdomains other than www. We may change this behaviour in the future. Currently we gather feedback from the community and would love to hear your thoughts.

3 Likes

I haven’t seen confirmed cases of insecure content served when APO is enabled. I think you should give APO a try. Please refer to my post about recommended way to activate the service and verify it works as expected.

That is great news for me… I will enable this tomorrow.

Will you communicate, in advance, any changes to the current behaviour, as I would need to turn this off again if subdomains are not bypassed. Could this be made configurable?

Big thanks for the feedback and the great service.

Steve

Instead of disabling on subdomains, you could allow us to control it using page rules. I have some parts of my wordpress running in a subdomain and i’d like to cache those pages, too. On the flipside, i have a discourse in another subdomain. So i think the ability to disable APO via Page Rules would be the best option to all cases.

1 Like

Unfortunately, as my WordPress uses ?page_id=NNNN only my homepage appears to be cached:

sacu-student.com

  • cf-cache-status: HIT
  • cf-edge-cache: cache,platform=wordpress

sacu-student.com/?page_id=2779

  • cf-cache-status: DYNAMIC
  • cf-edge-cache: cache,platform=wordpress

I know for SEO I should not really be using ?page_id= but that’s how my website is currently configured :frowning:

APO won’t cache paths with query strings. From the blog:

2 Likes

Great find @sdayman!

I asked about APO and query strings in another support ticket (https://bit.ly/3juyOXD) and you just provided the answer.

I think an option to enable query string cache should be added to APO since many will need to cache some query strings. For example, social media traffic often comes with different query strings and parameters (fbclid, gclid, utm, etc.) that need to be ignored / cached so it doesn’t overload the origin.

1 Like

Yeah though you can work around that if you have control over your origin web server i.e. I do a nginx 302 redirect stripping the query string but I also have custom CF Worker cache that can cache query strings - so it is possible for WP APO to cache query strings if they wanted to I suppose. I posted a write up for WP APO using 302 redirect as well as with for page speed tests at https://community.centminmod.com/threads/cloudflare-automatic-platform-optimization-for-wordpress-cache-effectiveness.20494/

Yes, I have turned it off for now. Thanks for all your help.

1 Like

Hello, how can I solve this problem?
My site is WordPress and Cloudfler plugin is installed

I host both wordpress and non-wordpress content on my domain:

www.vidatarot.com.br (not wordpress)
blog.vidatarot.com.br (wordpress)
gratis.vidatarot.com.br (wordpress)
vip.vidatarot.com.br (wordpress)

I installed the CloudFlare plugin and activated APO in the following subdomains:
blog.vidatarot.com.br (wordpress)
gratis.vidatarot.com.br (wordpress)
vip.vidatarot.com.br (wordpress)

The main site www.vidatarot.com.br (not wordpress) was affected and started to give a lot of problems, it is an ecommerce made in PHP and it is not Wordpress.

Please, how should I proceed to enable APO only for subdomains (wordpress), without affecting www.vidatarot.com.br (not wordpress)?

Well, that’s a bummer. We have 3 different WP sites on one www. subdomain and 2 others and now we need a different caching setup for each site.

It would deffinitely be a better option to give us the option to choose whether we’d like to use it on subdomains too - and if yes, on which ones. Probably page rules should allow this.

Maybe even better, allow us to set a header on our site for now, that CF would recognize and if it’s present, enable the APO for a subdomain… Would this be possible to implement asap?

We just had server issues and had to turn off Varnish for a while a week ako and during the weekend found APO so we decided that would be a great solution and we could get rid of Varnish, but now it seems, we can’t, because APO will only work for the main domain, and we’ll have to set up Varnish for the other domains.

Thanks :slight_smile:

I got hit by this too. My WP site is on a subdomain and my WWW domain is a non-WP site.

The security implications of how APO currently works is a big concern. I have backend CMS pages on my non-WP site that were being cached and delivered by Cloudflare to non-admins. The front end of the site also displays additional options to logged in admins, including links to the backend. Site visitors, Googlebot and other crawlers would have been seeing all of this.

Feels like another Cloudflare Heartbleed on our hands.

I wrote to support suggesting that they need to at least post a warning about this in the Cloudflare Dashboard where you enable APO. The note that’s there now is misleading “This optimization is only available for websites using WordPress” - which would be interpreted by most that HTML caching will only run on WordPress sites. Didn’t think about it a lot at the time, but thought that might be detected by the CF WP plugin or via response headers etc.

Ultimately it’d be ideal if you could specify which subdomains APO runs on.

We are considering how to support multiple subdomains for APO. Once subdomains mode is activated the rest of the site won’t be cached by APO, unless Cloudflare plugin for WordPress is activated against the root as well.

3 Likes