Hi,
In the page rules, do I need to use /wp-admin/ AND /wp-admin/* to cover the /wp-admin/ page as well as everything after?
Or will /wp-admin/* work for the /wp-admin/ page and everything after?
Thanks for any help!
Tug
Just the one with the *. But a Page Rule for wp-admin generally isn’t necessary. What are you trying to do with that Page Rule?
1 Like
I have done the following:
Always Online: Off, Security Level: High, Cache Level: Bypass, Disable Apps, Disable Performance
I found this video from Cloudflare - Must Use Page Rules for Everyone | Cloudflare - and implemented what he recommended.
I was also confused about what exactly to do with “always use https” on my domain since we go with the www subdomain but the subdomain was added shortly after we started our site. So I added both:
-
http://*.my-domain.com/*Always Use HTTPS -
http://*my-domain.com/*Always Use HTTPS
This was just for good measure. Not sure which one to use or if I have to use both.
You really don’t need the Always Use HTTPS rules. You can already set that in SSL/TLS → Edge Certificates
The wp-admin rules are mostly unnecessary. You could go with Security Level High, but wp-admin is rarely an attack vector. Attackers usually go after wp-login and vulnerable plugins & themes. It’s already not cached, except for static files which really aren’t admin-specific.
Okay, good to know! Thank you for your help and knowledge!
I have enabled that function via SSL/TLS. I had to introduce the http://*my-domain.com/* Always Use HTTPS because our site was running into an infinite loop when typing in my-domain.com but if you typed in www.my-domain.com it redirected correctly. Strange, probably, but it worked. Once I added that page rule it completely disappeared.
This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.