What is the name of the domain?
What is the issue you’re encountering
We recently encountered an issue where Hostinger’s DDoS protection mechanism, which uses LiteSpeed reCAPTCHA, was being cached on Cloudflare CDN. This resulted in users being unable to access the website even after successfully completing the verification process.
What steps have you taken to resolve the issue?
Issue Details:
Background:
-
Our WordPress site is hosted on Hostinger.
-
After DDoS attacks, Hostinger enabled bot verification challenges for visitors.
-
Migrated fully to Cloudflare for security/caching (disabled Hostinger’s LiteSpeed cache).
Problem:
-
Bot verification challenge (CAPTCHA) appears only on the homepage.
-
Challenge does not appear on nested pages or www.roseatehotels.com.
-
After purging Cloudflare cache, the issue disappears temporarily but returns within hours.
-
CAPTCHA redirect is broken (users aren’t redirected post-verification).
Troubleshooting Done:
-
Confirmed WordPress site URL includes www (Settings > General).
-
Added a Page Rule for “Naked URL Redirect”. This resolved the issue temporarily.
-
Hostinger support claims it’s a Cloudflare caching issue.
Questions:
-
Why is the bot challenge page being cached only on the non-WWW homepage despite the WordPress site using www?
-
Why did the “Naked URL Redirect” Page Rule resolve this, and could the issue resurface?
-
How can we exclude the bot verification page from being cached by Cloudflare to prevent this?
Technical Details:
-
Domain: roseatehotels.com (WWW preferred in WordPress settings).
-
Page Rule: Naked Redirect.
-
Caching: Cloudflare CDN (no Hostinger LiteSpeed).
-
Security Level: Likely “Medium” or “High” (triggers CAPTCHA under attack).