Cloudflare page rules wildcard cache bypass not working

I was having problems logging into Wordpress, which was giving me the error:

“Cookies are blocked or not supported by your browser. You must enable cookies to use WordPress”

unless I enter “development mode” on Cloudflare.

The Cloudflare docs suggest *example.or/wp-admin* , but this doesn’t catch wp-login, so I’m getting the cookie problems.

So I’m trying **in , which I thought should match wp- log in and wp- adm in.

I put the rule at the top, too, as it is the most specific. The two rules further down are:* - bypass cache. Seems to be working.* cache everything, always on. Again, seems to work.

The only thing I can think is that you can’t use a wildcard in the middle of something like I have, but I can’t find any suggestion that this is the case in the docs, and I can’t add two separate rules as I only get 3.


You can try replacing your /wp-*in rule with:

Security Level: High
Rocket Loader: OFF
Disable Apps

Notice there’s no bypass cache directive. This is not needed, as only one page rule is triggered per URL, so since CF does not cache HTML page content by default, and since this rule will be above the one setting “cache everything”, your /wp-admin/ and /wp-login.php areas will not be cached. And, important, since this rule will also apply to /wp-content/ folders, it must not contain the bypass cache directive, as to not impact the caching of images and other uploaded files.

The Rocket Loader OFF setting will not have any impact on JS files under /wp-content/ when they are called by a page which path does not start with /wp-.

Thanks so much, your suggestion worked for me.

1 Like

This topic was automatically closed after 31 days. New replies are no longer allowed.