Hi - We have our Apex Domain and Subdomains set up as their own zones, each having its own WordPress setup. Since all the domains are managed by different vendors, we gave each vendor API Tokens scoped for each apex/subdomain zone using the WordPress API Token Template so they can configure their WordPress instances with the Cloudflare WordPress Plugin and have full control of the zone the API token is scoped to. At least that’s the intended design so each vendor can do as they please with their assigned zones without affecting the other vendor zones.

There was this bug from last year that prevented us from doing this overall setup in one Cloudflare account and resulted in us using 2 Cloudflare Accounts wherein the apex zone is in one account and the subdomains zones are in the other. That worked but having 2 Cloudflare Accounts is giving us User Account Management toil that we want to get rid of. The bug has since been resolved/closed but we are unsure if it’s really resolved by the latest version of the plugin.

Thank you all in advance for your answers, suggestions and explanations.

I also have a similar setup: 3 WordPress instances, one zone added to the CF account, one using APO, the other not, and the 3rd not either; however, by using Page Rules, things are applied for that one as needed.
Nevertheless, there are two sub-members, which are added and are limited to see the specific zone(s) from the created group, including the scoped roles to which they’re allowed/restricted from modifying the settings.

From my understanding, may I ask if you wanted to achieve and enable DNSSEC for the root domain, but not for the sub-domain?
I am afraid it’s not a good way to do it like that, if so.

Or none of the created API Tokens have had a permission to do this for the “whole” zone?

You’re using Business plan type then, or?

Maybe RBAC could help a bit to leverage it, despite the API Tokens usage.

Thank you for your reply @fritex. We are under an Enterprise plan across all our zones and accounts. What I was hoping for the community’s help with was to confirm if anyone has the same setup as us and that there are no problems encountered.
To clarify our setup:

  1. Main/apex domain is a SiteCore site and Vendor A was issued an API Token
  2. Subdomain 1 is a WordPress site set up as a Subdomain Full Setup Zone maintained by Vendor B and is issued a separate API Token which they use with the Cloudflare WordPress Plugin
  3. Subdomain 2 is another WordPress site set up as a Subdomain Full Setup Zone maintained by Vendor C and is also issued a separate API Token, also for use with the Cloudflare WordPress Plugin.

Can each Zone be independently operated and configured without affecting the others?

UPDATE: We have confirmed this use case scenario by going ahead and setting it up and testing by actually issuing Clear Cache Commands from the Subdomain and it did not affect the Apex or other Subdomains. At least that’s what we saw from the Audit Logs.

In Summary, it does seem like the Cloudflare WordPress Plugin has fixed the bug on this use case scenario. Thanks for all the help!
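
A complementary check to the cache-clear test described in this thread, as an added example that is not part of the original posts: confirm that each vendor token's policies name only that vendor's zone. It assumes the token policies have been exported in the shape Cloudflare uses for API token objects (a `policies` array whose `resources` keys look like `com.cloudflare.api.account.zone.<zone_id>`); the token names, zone ids and account id below are constructed placeholders.

```python
# Added example: audit exported API token policies for zone scope.
# All token names, zone ids and the account id are constructed placeholders.
ZONE_PREFIX = "com.cloudflare.api.account.zone."

TOKENS = {
    "vendor-b-sub1": [
        {"effect": "allow", "resources": {ZONE_PREFIX + "ZONE_ID_SUB1": "*"}},
        # Account-level resource (not a zone), ignored by the zone check.
        {"effect": "allow", "resources": {"com.cloudflare.api.account.ACCOUNT_ID": "*"}},
    ],
    "vendor-c-sub2": [
        # Wildcard: this token would reach every zone in the account.
        {"effect": "allow", "resources": {ZONE_PREFIX + "*": "*"}},
    ],
}

# The single zone each vendor token is supposed to control.
EXPECTED = {"vendor-b-sub1": "ZONE_ID_SUB1", "vendor-c-sub2": "ZONE_ID_SUB2"}


def zones_allowed(policies):
    """Return the zone ids (or '*') granted by the allow policies."""
    zones = set()
    for policy in policies:
        if policy.get("effect") != "allow":
            continue
        for resource in policy.get("resources", {}):
            if resource.startswith(ZONE_PREFIX):
                zones.add(resource[len(ZONE_PREFIX):])
    return zones


def audit(tokens, expected):
    """Map token name -> zones it can reach beyond its assigned zone."""
    findings = {}
    for name, policies in tokens.items():
        extra = zones_allowed(policies) - {expected[name]}
        if extra:
            findings[name] = sorted(extra)
    return findings


if __name__ == "__main__":
    for name, extra in audit(TOKENS, EXPECTED).items():
        print(f"{name}: reaches unexpected zones {extra}")
```
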

