Apologises if this has been asked before but the documentation is not all that clear.
[Ignore the `domain_com` part, it should be `domain.com - it won’t let me post more than two URLs]
Regarding the APEX domain and www record, would the following:
Rule: *.domain.com
Match both:
domain_com
www.domain_com
Or will it only match:
www.domain_com
And regarding sample rules, for Wordpress Admin/Login, I do the following:
Rule: .domain_com/wp-login.php
Rule: .domain_com/wp-admin/
And have the following
Security Level: High
Cache Level: Bypass
Disable Apps
Disable Performance
Do I need to disable Apps and Performance? It is not overly clear what those would reflect and my concern would be that perhaps they cache items that could become a security risk (if vulnerable and out-of-date etc.).
Will only match subdomains, since the * is before a dot. Will not match naked domain: www.domain.com test.domain.com domain.com
To match both naked domain and www, use *domain.com/*
For the WordPress page rules, it depends on your objectives. You could have:
www.example.com/wp-*
Just one page rule would cover /wp-admin/* /wp-login.php /wp-json.php /wp-cron.php, and /wp-content/*
If you use this setup, you should not use cache bypass, as you would want /wp-content/uploads/* to be cached (it is by default). If you have a “cache everything” page rule, and if it is properly placed as the last rule in this group, then it won’t affect any of the above areas/files, as only one page rule is triggered for any given URL. What I have are the following settings:
Security Level: High (Assuming your general setting is Medium or lower)
Disable Apps (avoids apps showing front end content on your back end)
Rocket Loader: OFF (avoids issues with page composers and other plugins)
Optionally, Auto Minify (JS, HTML, CSS) also set as OFF, if you feel it’s needed.
Rocket Loader off will not affect the JS files that are invoked by the HTML, which is not subject to this PR.
So, is there really a need to negate on the following:
/wp-json.php
/wp-cron.php
For the likes of Apps, Rocket loader etc.? My understanding is that the raw request is NOT cached, unless you specifically create rules to cache the output from the server.
And likewise would there be an issue using Rocket Loader with front-end stuff? Including the likes of WooCommerce elements? Essentially the main issue is with components in the backend?
So, in theory, if I set a page rule for wp-admin, and disable Rocket Load, Apps, Minify etc. that would be sufficient.
Regarding “Disable Performance” is that required at all in the same context?
A page rule creates an exception to the rule. Some performance and security features, while desirable on the front end, may not be ideal for the back end. If your zone is set to have Rocket Loader ON, for instance, you may want to turn it off in the back end, as it has a history of conflict with some page composers. It won’t have any impact on /wp-json.php or /wp-cron.php.
I don’t seen any reason why you’d want apps running on the back end, but it’s totally up to you, and depends on which apps you have added to your CF domain.
Normally not, this is something only you would know. Trial and error. It depends on your setup, each WP site has a different set of plugins, and you never know where conflicts may arise.
I don’t know, it was just a suggestion based on my setup. If you have page rules to spare, you may want to try a different approach.
Disable Performance would turn off Rocket Loader, Mirage, and Polish, as well as the Minify for JS, CSS, and HTML. I’d rather turn off RL but keep image optimization.
