The 8 Best Cloudflare Page Rules For Any WordPress Site

If you are looking to add the best Cloudflare page rules for your WordPress website, then you are in the right place!

What these page rules will do are:

  • Save Bandwidth
  • Improve Security
  • Bypass WordPress Admin Caching
  • Prevent Spam Bots Collecting Email Addresses
  • and much more!

Do note, however, that Cloudflare free accounts only give you three different page rules, we will list the priority ones first in this tutorial.

As well as Page Rules though, don’t forget to configure the other settings in your Cloudflare dashboard and to use Firewalls rules to block bots from hitting your site excessively and consuming resources.

Rule 1. Secure the WordPress Admin and Bypass Cache

In your WordPress Admin Dashboard, you should have a few settings which we can combine in a single page rule. What we will do he is; set the security level to high and bypass Cloudflare’s cache (as there is no need to cache the admin area). We should also disable Cloudflare apps and performance features (such as minify, Rocket Loader, Mirage, Polish, etc…). We only want to speed these things up on the frontend, which is why we are disabling this in the admin backend.

So, for your page URL, you should use this:


yourwebsite.com/wp-admin*

Your page rules will end up looking like this:

2. Decrease Bandwidth Of WP Uploads

So, WordPress upload files do not change very often, there isn’t really a need to have to cache them as often which saves a lot of bandwidth. We can achieve this by setting Edge Cache TTL to a month. If you need to update certain files or directories before a month; you can always purge the cache for individual files within Cloudflare.

We are also going to be setting the browser cache TTL is set to a day. This sets the expiration time for resources cached in a visitor’s browser, an item often shown in GTmetrix.

So with these rules, your page URL would become:


yourwebsite.com/wp-content/uploads*

With your page rules looking something like this:

3. Stop Bots From Collecting Your Email

What this page rule will do is hide your email address from bots (so they don’t get used to spam you). The email address will still be fully visible within your website to humans though. The general rule here is enabling email obfuscation on any page that contains your email address which will, in turn, prevent your spam. You can also turn it on globally in Cloudflare’s Scrape Shield settings and then change this to be on any page.

Let’s say you only have a visible email address on the contact page, then we can simply add this page rule URL:


yourwebsite.com/contact

And your page rule settings would look as follows:

4. Don’t Cache Preview Pages

This simply will bypass Cloudflare’s cache if it’s in a preview page of a page or post. This helps especially when updating a live website, on a preview page you don’t want to see a cached version when performing updates right?

Page URL:

<code class="language-HTML">
yourwebsite.com/*preview=true*
<code>

And your page rule settings would look as follows:

5. Forward XMLRPC URLs

What this page rule will do is significantly improve the security of hackers using XMLRPC for their attacks. This forwards requests from your xmlrpc.php file to any URL on your site, i.e. your homepage.

Your Page URL will become:


yourwebsite.com/xmlrpc.php*

And your page rule settings will look as follows:

6. Make Important Pages Always Online

As it says, Always Online will keep your most important pages online if your server goes down and can be turned on for the most important pages of your website. As an example, this could be your homepage, contact page, portfolio page and so on...). So what this does is that if anything was to happen to your WordPress website, your most important pages will remain visible.

To do this, set your Page URL to:


yourwebsite.com/url-of-important-page

Then your page rules will look like this:

7. eCommerce Sites And Dynamic Content Using AJAX

eCommerce websites include dynamic content (which shouldn't be cached) but you still want to cache everything else. A good solution is to cache the entire page, but bypass the cache for dynamic (eCommerce) elements like AJAX requests. To achieve this, it requires using 2 separate page rules.

The first-page rule bypasses cache for AJAX requests:


yourwebsite.com/ajax*

This will result in something as per the below:

The second rule we will be adding caches everything else. When ordering page rules, make sure the AJAX rule is before the Cache Everything rule. In other words, this page rule should be ordered last.


yourwebsite.com/*

Which will result in the below:

8. A Rule to Force HTTPS connections

This forces all visitors to connect to your website through HTTPS. This means that all visits through HTTP will redirect to the HTTPS version.

This can be added as follows:


http://*yourwebsite.com/*

The page rules will look as follows:

However, since there is already an option, you can simply enable this in your Cloudflare dashboard under SSL/TLS → Edge Certificates → Always Use HTTPS. This saves you from having to use one of your 3-page rules which is why we mentioned this one last.

Conclusion

So there you have it, you now know which Cloudflare page rules to implement on your WordPress website. In the beginning, we said that the first three page rules were the most important. However, this depends on the type of website that you have, so essentially, not every site is going to have the same page rule settings which are quite evident when it comes to whether you have a standalone blog WordPress website or an eCommerce website.

This should give you a general idea of what you should be adding and how your website can be optimised with Cloudflare. If you've not used Cloudflare and want to know the benefits it can provide to your website, we would recommend reading this post: 4 Reasons to Use a CDN for WordPress

Remember though, in this tutorial, we have only gone through the Page Rules we can use to optimise your WordPress website, there are other rules in which we are going to list below:

Additional Cloudflare Tweaks To Improve WordPress Speed

Rocket Loader is a great additional to improve page speed. However, if you are using WP Rocket plugin, then it might not be beneficial to use this setting. What we would test this with GTMetrix and compare the statistics with both options (enabled/disabled).

If you have upgraded to Railgun, then this makes sure requests that cannot be served from Cloudflare's cache are still fast.

Hotlink Protection prevents people from copying/pasting images from your website to theirs (possibly resulting in bandwidth savings). Especially helpful for sites using high quality images or people who want to protect the images on their website.

What about if I'm using WP Rocket? What should I do then?

If you are using WP Rocket's amazing caching plugin, then you can add your Cloudflare credentials within the settings:

  • Global API key is found in your Cloudflare profile
  • Account email should be same email used in Cloudflare
  • Zone ID is found on the 'Overview' tab of your dashboard

Optimal Settings allows WP Rocket to configure your Cloudflare settings for better compatibility with their plugin. However, it also turns on email obfuscation (resulting in a GTmetrix error on every page) and disables Rocket Loader which may be useful for your site.

Fortunately, WP Rocket has recommendations for configuring Cloudflare such as:

  • Set Caching Level to 'Standard'.
  • Enable Auto Minify for JavaScript, CSS and HTML.
  • Disable Rocket Loader to prevent conflicts.
  • Set Browser Cache Expiration to '1 year'.

What do these Page Rules Terms mean?

  • Always Online - This means keeping a limited version of your site online if your server was to go down for any reason. This is usually used for your most important pages (eg. homepage, shop, contact page, etc...).
  • Browser Integrity Check - This attempts to deny spammers from accessing your website and challenges visitors with a suspicious user agent commonly used by abusive bots.
  • Browser Cache TTL - This time Cloudflare instructs a visitor's browser to cache a resource. You can increase this for pages that aren't updated frequently to save on bandwidth.
  • Disable Performance - This turns off auto minify, Rocket Loader, Mirage, and Polish. These are great to speed up pages, but they should be disabled for your WordPress Admin area.
  • Edge Cache TTL - This time Cloudflare's edge servers cache a resource before going to the origin server for a fresh copy. You can also increase this for pages not updated frequently.
  • Email Obfuscation - This prevents spam by hiding your email address to bots while remaining visible to visitors. You would only use this if your email address is publically displayed on your website
  • Enabling this on the contact page (and other pages showing your email) can help prevent spam.
  • Security Level - By using this, Cloudflare assigns IP addresses a threat score of 0-100. Page rules can be created to assign high security to WordPress admin and sensitive areas of your site.
  • Cache Level - The amount of caching done by Cloudflare ('everything' is most aggressive option for this).
  • Asterik (*) - This is used in page rule URLs to match certain parameters. For example, if I used silvawebdesigns.com/wp-admin* as my URL, then I set the security level to high, that means all URLs with that contain anything with /wp-admin/ would have a high security level.

Do you have any questions?

Here we answer some of the most commonly asked questions regarding the setup of Cloudflare.

What do asterisks do in page rules?
Asterisks serve as a wild card when using a URL in the page rule. For example, yourwebsite.com* would include any URL variation that comes after the asterisk. If you use *yourwebsite.com* as an example, this would include anything before or after, in this scenario, it would also include sub-domains.

What is best Page Rule for the WP Admin?
The WordPress Admin should have a page rule that enforces a high-security level, bypasses Cloudflare's cache, and disables apps + performance features in the admin area. Since WordPress security isn't the greatest since it's so commonly used these days, this would be one of the main priorities of our website.

How can page rules improve speed?
What Page Rules will do is help with decreasing the bandwidth used by the WP Upload area, set a higher Edge Cache TTL and it will cache any dynamic content with the right page rules. On the other hand, if you are looking to simply improve your page speed results (i.e. GTMetrix), configuring Cloudflare's speed tab in the options dashboard is the way forward.

How can page rules improve security?
With Page Rules, this can force SSL, forward XMLRPC URL requests, and lets you use email obfuscation (to prevent spam bots from collecting your email) on single pages without having to worry about an email-decode error showing up in GTmetrix for your entire site.

How many page rules can I have?
You can add up to 3-page rules on Cloudflare's free plan, it will then cost you $5/month for 5 more rules. You can find out more about Cloudflare's pricing if you do wish to upgrade here.


And that finally wraps everything up! If you have any questions about these page rules then don't hesitate to get in touch, we'd love to help you. If you have any better implementations, then we are all ears, let us know.

Drop us a comment below if this has helped and as always; thanks for reading! 🙂

Nathan da Silva - Profile

Posted by: Nathan da Silva

Nathan is the Founder of Silva Web Designs. He is passionate about web development, website design and basically anything digital related. His main expertise is with WordPress, Magento, Shopify as well as many other frameworks. Whether you need responsive design, SEO, speed optimisation or anything else in the world of digital then get in touch. If you would like to work with Nathan, simply drop him an email at [email protected]

It’s good to share

5 Things to Consider When Starting Your E-Commerce Store

If you’ve decided you would like to take the leap to E-Commerce and start your online shop, it can be a difficult process to get started. Fear now though, these days it’s very simple to get your store set up, even if you are just a beginner.

Here are five things you need to consider when you’re starting your journey in the e-commerce world.

Server Size

The first thing you should take into account is the hosting provider that you choose. Essentially, it all comes down to how big you want your store to grow. A shared service is a good option, to begin with, whereas a dedicated server will cater to bigger e-commerce stores.

A shared server means that you won’t have its space all to yourself, however, it’s not needed if your store is only relatively small. If you are aiming at exponential growth then a dedicated server will be a perfect fit. Do note that dedicated servers are more expensive than shared servers. There are other options though, these days you can get a good cloud hosting where you can update the specification of the server as your website grows. To be honest, this is probably the best option. Companies like SiteGround, WP-Engine, and eUKHost offer some great packages to get you started. Best of all, their online support team will help you with any hurdle along the way.

Web Design

When your first visitor lands on your store, the first impression they will get is from the design of the website. So you need to ensure it’s clean, easy to navigate and pleasing to the eye. This will ensure people will stick around and continue to browse your website.

If your website is difficult to explore and not attractive, often potential customers will look elsewhere. Especially if they’ve had no previous dealings with you in the past. Think about it realistically, the big e-commerce sites out there are all straightforward to navigate and have great designs. No matter how small you are, your store shouldn’t be any different. These days, you should consider flat designs for a foolproof way of making your online shop look good.

A Niche Market

When embarking on your journey in the world of e-commerce, you’ve likely learned that a niche market is absolutely something you should avoid. Nice marketing is a term that means finding your path in an already busy market. When there are a load of competitors with nothing different or unique to offer, avoid the oversaturation of it all and use the power of innovation to bring something completely new to the table. You’ll find by doing this, it will grow your audience rapidly.

As you begin with your own business, it is important to get this registered in a “Limited Liability Company” as a sign that it’s a legally registered business. For example, when forming an LLC in SC (South Carolina), the required documents and qualifications should be met.

Quality Customer Service

One of the most important things to have when establishing your online store is a reasonable or high level of customer service. It’s the only way you’ll guarantee solid relationships with buyers – they’ll establish respect and trust for you should you be doing the same for them. In my opinion, for online shops, chat support is a must, everyone likes speaking to somebody before purchasing something right? Offer good customer service and you’ll find that clients will come back.

Security

To get established with an online store, you’ll at least some level of security to back you up. Too often are websites compromised by a lack of security, with attacks such as SQL injection being all too common. Be sure to employ security upon your online store for your sake, as well as in the best interest of your customers – if they’re a victim of an attack, it’s unlikely they’ll stick around to buy from you ever again. As with all online stores, they should always be https:// secure buy installing a valid SSL certificate o the server. This will bring more trust to potential buyers! It is also useful to offer multiple forms of payment by using PayPal and Stripe/SagePay/WorldPay to offer your customers more security when it comes to purchasing products/services from your shop.

Well, I guess that wraps it up, are you starting an e-commerce shop and came across this article? Leave a comment, we’d love to help you on your journey!

Talent management is one of the useful ways to have an organized e-commerce platform. It could help recruit talented employees, which is vital to your success.

Nathan da Silva - Profile

Posted by: Nathan da Silva

Nathan is the Founder of Silva Web Designs. He is passionate about web development, website design and basically anything digital related. His main expertise is with WordPress, Magento, Shopify as well as many other frameworks. Whether you need responsive design, SEO, speed optimisation or anything else in the world of digital then get in touch. If you would like to work with Nathan, simply drop him an email at [email protected]

It’s good to share

WordPress Version 5.2

On May 7, 2019, WordPress 5.2 “Jaco”, named for the jazz musician Jaco Pastorius, was released to the public.

As always, you can update your WordPress to the latest version or download the latest files from WordPress.org.

So what’s new with the latest version?

Site Health Check

Building on the Site Health features introduced in 5.1, this release adds two new pages to help debug common configuration issues. It also adds space where developers can include debugging information for site maintainers. Check your site status by going to Tools > Site Health, and learn how to debug issues.

WordPress 5.2 - Site Health

PHP Error Protection

This administrator-focused update will let you safely fix or manage fatal errors without requiring developer time. It features better handling of the so-called ‘white screen of death,’ and a way to enter recovery mode, which pauses error-causing plugins or themes.

WordPress 5.2 - Site Protection

Improvements for Everyone

Accessibility Updates

A number of changes work together to improve contextual awareness and keyboard navigation flow for those using screen readers and other assistive technologies.

New Dashboard Icons

Thirteen new icons include Instagram, a suite of icons for BuddyPress, and rotated Earth icons for global inclusion. Find them in the Dashboard and have some fun!

Plugin Compatibility Checks

WordPress will now automatically determine if your site’s version of PHP is compatible with installed plugins. If the plugin requires a higher version of PHP than your site currently uses, WordPress will not allow you to activate it, preventing potential compatibility errors.

Developer Happiness

As always, a large handful of developer-focused changes have also been made. The highlights of these include:

PHP Version Bump

The minimum supported PHP version is now 5.6.20. As of WordPress 5.2, themes and plugins can safely take advantage of namespaces, anonymous functions, and more!

Privacy Updates

A new theme page template, a conditional function, and two CSS classes make designing and customizing the Privacy Policy page easier.

New Body Tag Hook

5.2 introduces a wp_body_open hook, which lets themes support injecting code right at the beginning of the element.

Building JavaScript

With the addition of webpack and Babel configurations in the @wordpress/scripts package, developers won’t have to worry about setting up complex build tools to write modern JavaScript.

And plenty of more which you can read about here.

What we can do for you!

As always, it’s always best to keep your WordPress version and plugins up to date and use plugins from reliable authors that maintain their plugins. If you need assistance with upgrading your WordPress version, plugins, updating core code to be compatible with the latest versions of PHP (recommended) or anything else WordPress or digital related then get in touch by sending an email to [email protected]. We &hearths; WordPress and as specialists in the field; you can guarantee that you are in very capable hands.

Have a look at out portfolio – if it’s a web specialist you require; we’re here at your disposal ; )

Nathan da Silva - Profile

Posted by: Nathan da Silva

Nathan is the Founder of Silva Web Designs. He is passionate about web development, website design and basically anything digital related. His main expertise is with WordPress, Magento, Shopify as well as many other frameworks. Whether you need responsive design, SEO, speed optimisation or anything else in the world of digital then get in touch. If you would like to work with Nathan, simply drop him an email at [email protected]

It’s good to share