{"id":4290,"date":"2026-02-27T22:44:05","date_gmt":"2026-02-27T14:44:05","guid":{"rendered":"https:\/\/www.6ebook.com\/?p=4290"},"modified":"2026-02-27T22:47:54","modified_gmt":"2026-02-27T14:47:54","slug":"wordpress-cloudflare-cache-everything-rules","status":"publish","type":"post","link":"https:\/\/www.6ebook.com\/en\/wordpress-cloudflare-cache-everything-rules\/","title":{"rendered":"WordPress open Cloudflare site-wide cache (Cache Everything) of the correct posture and avoid pit guide."},"content":{"rendered":"<p>Accessing Cloudflare for WordPress website is a common operation to improve website speed and security. However, in the actual configuration, many webmasters will encounter the problem of \u201cCDN cache does not take effect\u201d; and once you force to turn on the whole site cache, it is very easy to trigger the \u201cordinary visitors see the administrator's toolbar\u201d serious security risks.<\/p>\n\n\n\n<p>This article will take you through a real troubleshooting experience to configure WordPress Cloudflare cache rules perfectly from scratch.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">Avoiding the Pitfalls: Basic DNS and Mail Resolution Settings<\/h2>\n\n\n\n<p>Before you start optimizing your cache, make sure your base DNS records are set up correctly. The easiest mistake to make here is<strong>Mail records are proxied<\/strong>\uff1a<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Site resolution (A \/ CNAME records):<\/strong> root domain and <code>www<\/code> Must be turned on <strong>Proxied (small orange clouds)<\/strong>Otherwise, traffic would not pass through Cloudflare, and all CDN caching and WAF protection would be out of the question.<\/li>\n\n\n\n<li><strong>Mail parsing (MX \/ TXT \/ DKIM records):<\/strong> Where mail-related records (such as <code>mail<\/code>\u3001<code>hostingermail-a._domainkey<\/code> etc.).<strong>Must be set to DNS Only (small gray cloud)<\/strong>. Turning on proxies will cause outgoing emails to be determined as spam or bounced outright.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Phenomenon 1: The site is connected to Cloudflare, but still no cache?<\/h2>\n\n\n\n<p>If you look at the Response Headers for the current web page in the browser console (F12 -&gt; Network), you find that the <code>CF-Cache-Status<\/code> The label is missing, or <code>Cache-Control<\/code> Displayed as <code>no-cache<\/code>This means that your site is not really utilizing the CDN node.<\/p>\n\n\n\n<p><strong>Troubleshooting and resolution steps:<\/strong><\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li><strong>Turn off development mode:<\/strong> Go to Cloudflare Backstage <strong>Overview<\/strong>, make sure that the lower right corner of the <strong>Development Mode<\/strong> is closed.<\/li>\n\n\n\n<li><strong>Mandatory override of source station instructions:<\/strong> WordPress by default or some plugins emit <code>Cache-Control: no-cache<\/code> directive, causing Cloudflare to behave and not cache. We need to utilize the <strong>Cache Rules<\/strong> Forced takeover.<\/li>\n<\/ol>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">Phenomenon 2: After turning on the site-wide cache, unlogged-in visitors even saw the background Toolbar!<\/h2>\n\n\n\n<p>To solve the above problem of not caching, many webmasters will just set an <code>Cache Everything<\/code>(caches all content) rules. <strong>It's a deadly operation!<\/strong><\/p>\n\n\n\n<p>Since Cloudflare caches the page you visit while logged in, it then distributes this page with the top administrator Toolbar to all regular visitors around the world who are not logged in. Not only does this confuse visitors, but it also potentially reveals the backend structure of the site.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">The Ultimate Solution: The Perfect WordPress Cache Rules Configuration<\/h2>\n\n\n\n<p>In order to enjoy the whole site CDN cache speed, but also to avoid the background function confusion and cache pollution, we need to \u201ccustom expression\u201d to accurately exclude dynamic requests.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 1: Urgently clear the error cache<\/h3>\n\n\n\n<p>If you've already stepped into one of the above potholes, head over to the Cloudflare left menu now:<strong>Caching -&gt; Configuration<\/strong>Click <strong>Purge Everything<\/strong>, destroying all node caches that have been polluted.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 2: Create precise caching rules<\/h3>\n\n\n\n<p>leave for <strong>Caching -&gt; Cache Rules<\/strong>Click <strong>Create rule<\/strong>.<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Rule name:<\/strong> write data in a box (on a questionnaire or web form) <code>WP Force Cache Safe<\/code>(or any name).<\/li>\n\n\n\n<li><strong>When incoming requests match:<\/strong> option <strong>Custom filter expression<\/strong>.<\/li>\n\n\n\n<li>strike (on the keyboard) <strong>Edit expression<\/strong> Switch to code editing mode and paste the following lightning protection code:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-prismatic-blocks\" data-no-auto-translation=\"\"><code class=\"language-powershell\">(not http.request.uri.path contains &quot;\/wp-admin\/&quot; and not http.request.uri.path contains &quot;wp-login.php&quot; and not http.cookie contains &quot;wordpress_logged_in&quot;)<\/code><\/pre>\n\n\n\n<p><em>(The significance of this code is that caching is performed as long as the request path is not the backend, not the login page, and the visitor's browser does not have a \u201clogged in\u201d cookie).<\/em><\/p>\n\n\n\n<h3 class=\"wp-block-heading\">Step 3: Setting the caching behavior (Then the settings are)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li>locate <strong>Edge TTL<\/strong>: Selection <strong>Ignore cache-control header and use this TTL<\/strong>(ignore the source cache-control and use this TTL), the recommended time is set to <code>2 hours<\/code> Or longer.<\/li>\n\n\n\n<li>locate <strong>Browser TTL<\/strong>(Optional): Select <strong>Override origin and use this TTL<\/strong>The timing is consistent.<\/li>\n\n\n\n<li>Scroll to the bottom and click <strong>Deploy (deploy\/save)<\/strong>.<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h2 class=\"wp-block-heading\">How do I verify that it is in effect?<\/h2>\n\n\n\n<p>Once the settings are complete, use your browser's <strong>Incognito mode<\/strong> Visit the home page of your website. Press <code>F12<\/code> Open the developer tools in the <strong>Network<\/strong> panel and click on the first HTML document request to see the Response Headers:<\/p>\n\n\n\n<ol start=\"1\" class=\"wp-block-list\">\n<li>quest <strong><code>CF-Cache-Status<\/code><\/strong>.<\/li>\n\n\n\n<li>The first refresh may show <code>MISS<\/code>(The node is going to the source station to grab it).<\/li>\n\n\n\n<li>Refresh again, and if it shows <strong><code>HIT<\/code><\/strong>Congratulations, your WordPress site is now on Cloudflare's global CDN highway!<\/li>\n<\/ol>\n\n\n\n<p><em>(Note: Since Cloudflare nodes are spread across the globe, the first visit from a different region may still be MISS, and as long as someone has visited once, subsequent visits from that region will be HIT.)<\/em><\/p>\n\n\n\n<p><\/p>","protected":false},"excerpt":{"rendered":"<p>Enabling Cloudflare's \u201cCache All Content\u201d feature is a great tool for improving WordPress access speed, but if it's not restricted, it's very easy to cause \u201ccache contamination\u201d accidents when ordinary visitors see the administrator's toolbar in the background. This article details a real troubleshooting process: from troubleshooting why the cache does not work (e.g. no-cache directive conflict), to urgently clean up the contaminated error cache, and finally provide a set of the ultimate Cache Rules custom expression. By accurately eliminating wp-admin paths and login cookies, you can keep your site running safely and stably on the CDN highway.<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_eb_attr":"","footnotes":""},"categories":[1],"tags":[],"class_list":["post-4290","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"acpt":{"meta":[]},"_links":{"self":[{"href":"https:\/\/www.6ebook.com\/en\/wp-json\/wp\/v2\/posts\/4290","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.6ebook.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.6ebook.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.6ebook.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.6ebook.com\/en\/wp-json\/wp\/v2\/comments?post=4290"}],"version-history":[{"count":0,"href":"https:\/\/www.6ebook.com\/en\/wp-json\/wp\/v2\/posts\/4290\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.6ebook.com\/en\/wp-json\/wp\/v2\/media?parent=4290"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.6ebook.com\/en\/wp-json\/wp\/v2\/categories?post=4290"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.6ebook.com\/en\/wp-json\/wp\/v2\/tags?post=4290"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}