How to configure page rules in wordpress site?



I have a free Cloudflare account and a WordPress site.
It seems that the limit of rules is 3.

Will it be enough for a wordpress site?

What rules should I set for a WordPress site?

I think the main thing is that the login is not cached and neither in the control panel.

I would appreciate your help.


I think there is only the rule to bypass cache on the path of the admin page (which should be*).

Select the Always Use HTTPS option in the crypto settings, then add the rule matching you URL with that path (e.g.*) and select cache level bypass.

You should also probably redirect all traffic to a specific version, be it with or without the www. in front. For that match the version you are not interested in (e.g.*) and redirect it to$1 to retain the path. The HTTPS is front is not really necessary, but doesn’t hurt.


I think this could help me, do not you think? but it’s not for free accounts.

Ok, I’ll apply the settings you’ve told me about. Do not you think that the wp-login should also avoid being cached?


Yeah probably, not really an expert in Wordpress unfortunately, so don’t know exactly the paths. But yes, add a new rule for that.

Maybe @sdayman can help a bit more here.


OK, thanks :blush:

@sdayman I would like to know if it is advisable to install the Cloudflare Wordpress plugin. Create the rules automatically? Thank you very much in advance.


The information that appears on this site seems to be what I was looking for, however, I have a question.

  • If I install the WordPress plugin, do I need to configure these rules? or are they configured automatically?


I expect you need to add them yourself (especially since you shouldn’t give the Cloudflare API key to anyone). I would likely add the plugin, then after installation and configuration is completed go in the Cloudflare dashboard and check what is configured and fill in missing steps.


I’d avoid using any plugin that accesses Cloudflare. Some are good at it, but require careful planning to not jumble things up. I much prefer to manually adjust the settings from the Cloudflare Dashboard.

The three page rules in that tutorial look good. Just keep in mind that the 7-day Edge Cache TTL will cache all your pages for a week, so any updates won’t show up immediately unless you manually Purge the cache. You can lower that TTL to match your update frequency if you’d like.


Actually, the https:// in that case is necessary on the target URL, according to this error message (and since the path “/” only would not apply here):


Agreed. A destination URL should have the protocol. It’s the Page Rule Match that doesn’t necessarily need the protocol, as it would match both. Unless you want to specifically match a protocol.


Do you mean that the plugin “cloudflare” for WordPress is not official?

So, do you recommend me only to install the cloudflare extension for Plesk and configure the rules manually?


It’s official, but only controls a small portion of what Cloudflare actually does.

I use Plesk, but wouldn’t use the Cloudflare plugin for that, either. It’s just added complexity and more things to break.

When users have problems with Cloudflare integrations, it’s often difficult for them to isolate the problem due to the overlap between the two systems.

I’d only recommend the Plesk plugin if you’re fully comfortable with administering a web hosting platform.


I have created a domain subdomain that has cloudflare enabled. The bad thing is that it detects me the SSL certificate of Let’s encrypt, how do I use the cloudflare SSL?

Is cloudflare’s free SSL only for the main domain?


Cloudflare’s SSL is for the main domain and all first-level subdomains.

Have you set the subdomain to :orange: in the DNS settings?


This is good news.
No, I have not configured it because I am using the Cloudflare extension for Plesk and I have only activated it from there (the configuration is done alone).

The problem is that when I enter the subdomain and read the SSL certificate information, the data of let’s encrypt and not of cloudflare appear. Although I must admit that in the control panel of Cloudflare, in “Crypto” appears all SSL (main domain and subdomain).

I would appreciate if you can help me configure the subdomains correctly.


Then simply enable the proxying of the subdomain from the DNS settings. The issue is that one.

Make sure you don’t do any HTTP to HTTPS redirects server side, handle them via the Crypto setting’s Always Use HTTPS setting.

Ideally you should still have and maintain a valid certificate on the origin (as you currently have) and set the SSL setting in the Crypto settings to Full (Strict).

You could substitute the Let’s Encrypt certificate with a Cloudflare Origin Certificate, which is free and valid for up to 15 years.


Well, I have been able to configure it, although something strange has happened in the process, although it does not matter.

Thank you very much for the information, I did not know that there were free certificate certificates from cloudflare, should I download it from the crypto section?

Right now I will remove the redirect from HTTP to HTTPS on the server, although, why should not it be configured like this?


Explain, maybe I have seen it before.

It’s not a valid certificate for users, it’s valid only as a certificate for the origin server of a proxied domain.

Because it’s slower (it needs to go to the origin every time), it adds load on the origin and can cause issues since depending on settings Cloudflare connects via HTTP or HTTPS.


The problem was in my computer (although I do not know what caused the problem). When I entered the web page and tried to see the information of the SSL certificate, the browser showed me the information of the certificate of origin (Let’s encrypt). To try to solve it I tried incognito mode, other navigator, clean the cache, clean the DNS cache of the system, clean the browser’s DNS cache and nothing worked. From other computers you could see the cloudflare certificate information.

All this was very curious because my file / etc / hosts was not modified and when I entered the web I went directly to my server, without going through Cloudflare, really curious. Maybe you can explain what happened (after an hour it started to work normally).

I have another question for you:

I have a domain and I want “www” to point to one server and the subdomain to my other server. Can you configure Cloudflare SSL for these cases? (with the free account)


Most likely some DNS cache issues… It happens.

It’s already configured correctly. As long as all subdomains remain first level you are fine.