10 Best Cloudflare Page Rules for WordPress – Ultimate Cloudflare-WordPress Setup Guide [2022]


Cloudflare is one of the best CDN providers in the industry.

And their page rules are a necessity for webmasters who want to secure their sites and improve their performance tenfold.


In this guide, you will learn about 10 crucial Cloudflare page rules for WordPress sites + how to set them up and use them correctly.

Without further ado, let’s get started!

What Are Cloudflare Page Rules? And Why Should You Bother Setting Them Up Correctly?

Best Cloudflare Page Rules Setup

Cloudflare page rules are specific settings and values you can apply to either individual URLs, or to a specific URL pattern that references your domain.

Don’t get confused with all the tech talk, it’s actually really simple.

Use the page rules dashboard to instruct Cloudflare how it should behave on your site so you get increased performance, security, and peace of mind in knowing you’ve made your site significantly better.

Cloudflare Page Rules – Glossary of Important Terms

The article below is fairly technical, but don’t be scared!

All you need to do is read this glossary of terms carefully so you can understand what you’re reading.

  • Always Online – this feature keeps a small part of your site always online and served from cache, even when the rest of your site is down. Excellent for keeping your crucial service pages always accessible.
  • Browser Integrity Check – this setting looks for common HTTP headers malicious bots use, and then denies them access to your site so they can’t crawl and waste your server/hosting resources.
  • Browser Cache TTL – this is the time period Cloudflare instructs your visitors’ browsers to cache your page resources. A very useful feature for pages that you never update and that can be cached just one time and where that cached version is always valid (for example your Privacy Policy page). It helps you resolve the PageSpeed Insights warning “Serve static assets with an efficient cache policy”.
  • Disable Performance – your wp-admin should be exempt from Cloudflare rules and other features. “Disable Performance” feature deactivates Mirage, Polish, Rocket Loader and auto minify, without disabling them for the end-users on the front-end of your website.
  • Edge Cache TTL – this is the time Cloudflare’s edge servers cache your page before they go to your server to fetch a fresh copy. Feel free to increase this time interval for pages that are not updated as frequently.
  • Email Obfuscation – this setting helps you obfuscate (write in gibberish) your email for spambots crawling your site, while displaying it normally to your human visitors.
  • Security Level – Cloudflare gives IP addresses a threat score of 0-100. You can create page rules to give a higher security threshold to your WordPress admin area than to some other part of your site.
  • Cache Level – determines how much caching is done by Cloudflare.
  • Asterisk (*) – used in Cloudflare page rules URLs to match certain patterns. For instance, for technumero.com/wp-admin* as my URL, I can set the caching level to aggressive. That means all URLs with /wp-admin/ (and everything after) would be cached aggressively. Of course, I’d never do that as the wp-admin area should never be cached. You’ll learn more about it below!

How to Set up Cloudflare With WordPress Site (Quick Tutorial)?

It’s easy to connect Cloudflare with WordPress, and here are the steps:

First, go to Cloudflare.com and click on the “Sign Up” button in the menu.

Cloudflare signup page

Second, add in your email address and password. Click on “Create Account”

Open a new Cloudflare account

Third, pick the “Cloudflare for Infrastructure” plan.

That’s the content delivery network plan most webmasters need.

Pick a CDN for normal sites and blogs

Fourth, add in your target website URL.

Connect your site with Cloudflare

Fifth, pick a FREE Cloudflare plan which is located right below the 3 paid ones.

Pick a free Cloudflare plan

The sixth and final step, change your name servers from your current hosts’ to Cloudflare name servers.

This is a must; otherwise, Cloudflare won’t work properly.

Use Cloudflare nameservers with your site

And that’s it. Once inside the Cloudflare dashboard head on over to the “Page Rules” section and start making those bad boys.

Pro tip: Setting up Cloudflare With WP Rocket

If you’re not using WP Rocket to speed up your site, then I don’t know why? You probably haven’t heard of it, right?

If that’s the case, make sure you read this WP Rocket review for more info.

But for you WP Rocket users, did you know you can connect WP Rocket with Cloudflare Content Delivery Network directly within your WordPress dashboard?

Yes, it’s true, and here are the steps.

First, inside the WP Rocket dashboard go to “Add-ons” and enable Cloudflare.

Then click on “Modify Options”

Wp Rocket Cloudflare add-on

Second, add in your Cloudflare credentials

  • Global API key;
  • Account email;
  • Zone ID;
Connecting WP Rocket and Cloudflare

These settings can all be found inside your Cloudflare dashboard. The Global API key grants full access to your Cloudflare account, so treat it like a password.

There isn’t room for it here, so please click here for a detailed tutorial on how to connect WP Rocket and Cloudflare.

Some other things to change here:

  • Development Mode – use this feature if you’re making a lot of code changes on your website.
  • Optimal Settings – this activates optimal Cloudflare settings, i.e., minification and aggressive caching, while also deactivating Rocket Loader which can speed up a site, but very often ends up breaking it.
  • Relative Protocol – oftentimes when users download files from your website, those turn out to have no content in them. Leave “Relative Protocol” off to prevent this from happening.
  • Clear All Cloudflare Cache Files – do this only after you’ve finished configuring everything else.
Cloudflare WP Rocket setup

8 Cloudflare Page Rules for WordPress You Need to Enable Today

Even though you can write and add up to 125 page rules, the 8 below will be beneficial and essential for 99% of all WordPress sites.

#1- Always Use HTTPS

This first Cloudflare page rule forces all your visitors to access your domain via a secure, HTTPS connection.

Here’s the pattern you need to use on your site. It’s the one recommended by Cloudflare in this YouTube tutorial.

*yourwebsite.com*

The two asterisk symbols before and after your domain name tell Cloudflare that all variations of your site, including subdomains and subfolders, should be served to your visitors over a secure connection.

Force HTTPS Cloudflare rule

Pro tip:

Forcing visitors to browse your site through a secure connection is a must for any site owner in 2022, but it needn’t be done through a page rule.

You can also enable it within the SSL/TLS settings in the Cloudflare dashboard.

That way you can preserve that one page rule slot and use it for something else (remember, you get a limited number of page rules on a free Cloudflare account; more on that later).

SSL/TLS settings in Cloudflare dashboard

#2- Make Important Pages Always Online

Always online page rule is very useful if you have a shaky server (a typical sign of a bad host; you should switch to something better i.e., Cloudways), your site goes down regularly, and you have pages that need to be kept online at all times.

This page rule forces Cloudflare to serve your crucial pages from the cache in the event your site blacks out for any meaningful time duration.

Recommended pages to enable this page rule on are your homepage, terms of service, contact, hire me page, about us page…

yourwebsite.com
Always online Cloudflare page rule

#3- Secure WordPress Admin and Bypass Cache

For your wp-admin area, you need to create a rule that’s a combo of several important settings.

First, set the security level to high.

Then, bypass cache (WordPress admin area should never be cached, as you always want to have the most current version).

Finally, disable the Cloudflare app and performance features (minification, Polish, Mirage, Rocket Loader…)

These are not needed for your wp-admin dashboard as they can only be used to speed up your website’s frontend.

yourwebsite.com/wp-admin*
Cloudflare page rule for wp-admin area

#4- Stop Bots From Collecting Your Emails (Email Obfuscation)

Set this Cloudflare page rule to prevent bots from scraping your email address and excessive spam from hitting your inbox.

It works by masking/obfuscating your email address for automated bots, while still keeping it visible to regular site visitors.

This is the rule:

yourwebsite.com/contact
Email Obfuscation Cloudflare rule

Note: You can enable this page rule either for specific pages where you have your email address listed (for example contact and about pages) or for the entire domain using the Scrape Shield settings.

Warning: using the Scrape Shield settings will trigger an “email-decode.min.js” error in the GTmetrix website speed test tool, but you can safely ignore it as it won’t slow down your site at all.

Cloudflare Scrape Shield

#5- Don’t Cache Preview Pages

This page rule simply bypasses Cloudflare’s cache for post/page previews. Page previews should not be cached as they’re not live on your website.

yourwebsite.com/*preview=true*
Bypass Page Preview Caching Cloudflare page rule

#6- Forward XMLRPC URLs

This simple page rule instructs Cloudflare to forward requests for your xmlrpc.php file to another URL on your site (pick whichever you want, your site’s homepage is a good choice).

That way you’re protected against hackers using XMLRPC for brute-force and DDoS attacks on websites. Keep in mind that legitimate XML-RPC clients, such as Jetpack and the WordPress mobile apps, will stop working too.

yourwebsite.com/xmlrpc.php*
Forward xmlrpc URL Cloudflare page rule

#7- Decrease Bandwidth of WP-Uploads

Because items in your WordPress uploads folder don’t change often, Cloudflare doesn’t need to fetch fresh copies of them often either.

So set Edge Cache TTL to a month, so that Cloudflare’s edge cache is refreshed only once per month, thus saving precious bandwidth.

However, you also need to take precautions so your site’s visitors don’t see stale info that takes a whole month to refresh.

That’s why you need to set Browser Cache TTL to a day.

This sets a 24-hour expiration timeframe for resources stored in visitors’ browsers (note: it sounds complicated, but it’s really not. Just look at the image below).

yourwebsite.com/wp-content/uploads*
Decrease bandwidth of WP uploads Cloudflare page rule

#8- eCommerce Sites and Dynamic Content Using AJAX

eCommerce sites are replete with dynamic content that should never be cached.

However, you still want and need to cache other parts of the site.

The optimal solution is to cache all static elements while bypassing dynamic elements served over AJAX.

You can set this up easily using a combination of 2 Cloudflare page rules.

The first one bypasses the cache for AJAX:

yourwebsite.com/ajax*
Bypass AJAX caching Cloudflare page rule

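The second rule instructs Cloudflare to cache everything else on your site. Cloudflare applies only the first page rule that matches a URL, so this catch-all rule must sit below every bypass rule in your list.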

yourwebsite.com/*
Cloudflare Page Rule – Cache Everything
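
To see why the order of these rules matters, here is a small Python model of how a page rule is picked for a URL (an added example, not Cloudflare's code and not part of the original guide). It assumes what Cloudflare documents: an asterisk matches any run of characters, and only the first matching rule in the list applies. The action labels and sample URLs are made up for illustration.

```python
import re

# Page rules in dashboard order, highest priority first. Patterns come from
# rules #3, #5, #8 and #9 of this guide; the action labels are shorthand.
RULES = [
    ("yourwebsite.com/wp-admin*", "bypass + high security"),
    ("yourwebsite.com/wp-login*", "bypass"),
    ("yourwebsite.com/*preview=true*", "bypass"),
    ("yourwebsite.com/ajax*", "bypass"),
    ("yourwebsite.com/*", "cache everything"),
]
# The same rules with the catch-all dragged to the top (the mistake).
WRONG_ORDER = [RULES[-1]] + RULES[:-1]

# Constructed sample URLs.
URLS = [
    "https://yourwebsite.com/wp-admin/post.php?post=12&action=edit",
    "https://yourwebsite.com/wp-login.php",
    "https://yourwebsite.com/?p=12&preview=true",
    "https://yourwebsite.com/ajax/cart-fragments",
    "https://yourwebsite.com/blog/hello-world/",
]

def strip_scheme(url):
    """Patterns here carry no scheme, so compare against host/path?query."""
    return re.sub(r"^https?://", "", url)

def to_regex(pattern):
    """Translate a page rule pattern: '*' becomes 'any run of characters'."""
    return re.compile(".*".join(re.escape(p) for p in pattern.split("*")))

def first_match(url, rules):
    """Return (pattern, action) of the first rule matching url, else None."""
    target = strip_scheme(url)
    for pattern, action in rules:
        if to_regex(pattern).fullmatch(target):
            return pattern, action
    return None

def cached_by_mistake(urls, rules):
    """URLs that a bypass rule matches but where 'cache everything' wins."""
    mistakes = []
    for url in urls:
        target = strip_scheme(url)
        wants_bypass = any(a.startswith("bypass") and to_regex(p).fullmatch(target)
                           for p, a in rules)
        hit = first_match(url, rules)
        if wants_bypass and hit and hit[1] == "cache everything":
            mistakes.append(url)
    return mistakes

if __name__ == "__main__":
    for url in URLS:
        print(url, "->", first_match(url, RULES))
    print("cached by mistake:", cached_by_mistake(URLS, WRONG_ORDER))
```

With the catch-all rule on top, the admin, login, preview and AJAX URLs all fall into "cache everything", which is exactly what the bypass rules were meant to prevent.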

#9- Don’t Cache Your Login Page

This is an important Cloudflare page rule, which prevents Cloudflare from caching your login URL, i.e. wp-login.php. Similar to the previous rule, you have to set the Cache Level setting to Bypass.

yourwebsite.com/wp-login*
Bypass WP Login Page Caching – Cloudflare page rule for WordPress
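
Once the bypass rules are live, you can confirm them by looking at the CF-Cache-Status response header that Cloudflare adds. This added Python example (not from the original guide) parses header blocks like the ones curl -sI prints and flags admin, login or preview URLs that are still cache-eligible; the sample captures are constructed, not real traffic.

```python
from urllib.parse import urlsplit, parse_qs

# CF-Cache-Status values showing the response is served from, or is
# eligible to be stored in, Cloudflare's cache.
CACHE_ELIGIBLE = {"HIT", "MISS", "EXPIRED", "STALE", "REVALIDATED", "UPDATING"}
NOT_CACHED = {"BYPASS", "DYNAMIC"}

def is_sensitive(url):
    """True for URLs this guide says must never be cached."""
    parts = urlsplit(url)
    if parts.path.startswith(("/wp-admin", "/wp-login")):
        return True
    return parse_qs(parts.query).get("preview") == ["true"]

def parse_headers(raw):
    """Parse a raw response header block into a dict with lower-cased names."""
    headers = {}
    for line in raw.strip().splitlines()[1:]:   # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(captures):
    """Return (url, verdict) for every sensitive URL in captures."""
    findings = []
    for url, raw in captures:
        if not is_sensitive(url):
            continue
        status = parse_headers(raw).get("cf-cache-status", "").upper()
        if status in CACHE_ELIGIBLE:
            verdict = "FAIL: cache status " + status
        elif status in NOT_CACHED:
            verdict = "ok: " + status
        else:
            verdict = "unknown: " + (status or "header missing")
        findings.append((url, verdict))
    return findings

# Constructed sample captures.
SAMPLE = [
    ("https://yourwebsite.com/wp-login.php",
     "HTTP/2 200\ncontent-type: text/html\nCF-Cache-Status: HIT\nage: 311\n"),
    ("https://yourwebsite.com/wp-admin/",
     "HTTP/2 302\nlocation: /wp-login.php\ncf-cache-status: BYPASS\n"),
    ("https://yourwebsite.com/?p=12&preview=true",
     "HTTP/2 200\ncontent-type: text/html\ncf-cache-status: MISS\n"),
    ("https://yourwebsite.com/blog/hello-world/",
     "HTTP/2 200\ncontent-type: text/html\ncf-cache-status: HIT\n"),
    ("https://yourwebsite.com/wp-admin/admin-ajax.php",
     "HTTP/2 200\ncontent-type: application/json\n"),
]

if __name__ == "__main__":
    for url, verdict in audit(SAMPLE):
        print(verdict, url)
```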

Which Cloudflare Page Rules are the Most Important (For Free Users Only)?

The max number of Cloudflare page rules you can have is 125. Way more than you’ll ever need unless you run an enterprise-level site with millions of pages.

But free Cloudflare users are severely handicapped because they can only use 3 page rules without paying a dime for them.

So, out of these 8 page rules listed here, which ones are the most important?

They are:

  • Secure The WordPress Admin And Bypass Cache – protect wp-admin from hackers, make your wp-admin run smoothly, and prevent outdated cache versions from confusing you in your work.
  • Decrease Bandwidth of WP Uploads – improve site speed and performance with this simple page rule.
  • Stop Bots From Collecting Your Email (Email Obfuscation) – make your life easier by preventing those spammers from getting a hold of your email address.

Forcing users to connect via HTTPS is also a very important page rule, but it can be achieved within the SSL/TLS settings, thus sparing you from having to use a page rule on it.

Note: these 3 rules are great and all, but using all 8 Cloudflare page rules listed here can make your site more successful in the SERPs, and your life as a webmaster way easier.

I strongly suggest you buy the additional 5 Cloudflare page rules (costs $5) so you have a full set of 8.

Some Other Cloudflare Speed Enhancement Features Worth Exploring

Cloudflare has some other exciting features that can help you get record-breaking speeds for your site.

Let’s quickly explore them below, shall we?

#1- DNS

Cloudflare DNS is an enterprise-grade DNS service that offers advanced security with built-in DNSSEC and DDoS mitigation, unmatched response time, and supreme redundancy.

Don’t be confused with all the tech talk. It simply means hooking up your site with Cloudflare DNS will give you a secure and fast website that is always online with zero downtime. The free DNS service from Cloudflare is the fastest DNS hosting service in the world.

Cloudflare DNS

The best of all?

It’s FREE! And you can enable it right within the Cloudflare dashboard.

Cloudflare DNS management

#2- Auto Minify

Minification reduces the size of your:

  • CSS;
  • HTML;
  • Javascript;

This makes every page on your site load faster. Here is our detailed guide on the minification of JS and CSS resources.

However, if you use WP Rocket on your site, you can use it to minify your code instead of Cloudflare.

Auto minify code setting in Cloudflare

#3- Brotli

According to Cloudflare:

“Brotli is a state of the art lossless compression format, supported by all major browsers. It is capable of achieving considerably better compression ratios than the ubiquitous gzip, and is rapidly gaining in popularity.”

Enable Brotli in Cloudflare speed settings to maximally compress your web pages so they can be served much faster than with normal gzip compression.

Brotli compression Cloudflare

#4- Rocket Loader

Rocket Loader is an asynchronous JavaScript loader which when enabled prevents your page’s JavaScript from loading simultaneously with HTML.

This makes the page load time significantly shorter, as once the HTML is loaded the page is immediately usable and JavaScript loads in the background unobserved by web users.

Cloudflare Rocket Loader feature

#5- HTTP/3 (With QUIC Technology)

Use this newest protocol to speed up HTTP requests and load your website even faster than when using HTTP2, which used to be the best and fastest.

Note: enabling this feature will only affect those clients that connect with your site using HTTP 3, and will not affect adversely those connecting with HTTP 1.1 and HTTP 2.

Cloudflare HTTP/3 delivered via QUIC technology

#6- Hotlinking

Enable this feature to prevent other websites from embedding your images. This will save you bandwidth but at the cost of backlinking opportunities.

What do I mean?

I mean that if you have excellent images on your site and someone takes them, you could send them a gentle email reminder asking for attribution with a link back to your site.

With Cloudflare Hotlink enabled, they won’t be able to take your images, and you won’t have an excuse to ask them for a link.

Cloudflare hotlink protection

#7- Automatic Platform Optimization for WordPress

Automatic Platform Optimization for WordPress caches third-party fonts and delivers your website from Cloudflare’s edge network.

That way you get the benefits of a static site without any changes to how you run your website.

This makes your website load significantly faster with TTFB performance largely improved.

Learn more about it here!

Automatic Platform Optimization for WordPress sites

WordPress Hosts That Come with a Built-in Cloudflare Add-on

Because of Cloudflare’s immense popularity and the significant impact it makes on your website even as a free service, many dominant hosting providers now integrate Cloudflare as a free or paid add-on with their hosting.

Most of them offer a one-click Cloudflare page rules setup right from the hosting dashboard. It is so integrated that you do not have to have an account with Cloudflare.

Here is the list of WordPress hosting providers that offer Cloudflare as a free add-on

Final Words

Do you now know why Cloudflare page rules are important for your website?

Yes, it’s not enough to just enable a free CDN and call it a day.

Cloudflare page rules help a ton.

They make your site:

  • More secure;
  • Faster on the backend;
  • Faster on the frontend for Google and the end users.

Having Cloudflare page rules for your WordPress blog strategically deployed will over time turn to an SEO advantage for you.

Why?

Because, as your visitors get better service on your blog, they’ll be happier, spread the word, and send you word-of-mouth traffic which is so valuable nowadays with the insane competition we’re all facing in the SERPS.

In SEO, every little bit helps, and Cloudflare page rules help a ton.


Cloudflare Page Rules FAQ

What is Cloudflare Page Rule Block?

Setting a page rule instructs Cloudflare to do X whenever a certain URL pattern triggers the rule. You can block desired pages that match that pattern by adding them in the “bypass section” of said page rule. Bottom line– first you set the rule, and then you define the exceptions.

What is Cloudflare Page Rules Wildcard?

The Cloudflare page rule wildcard is the asterisk (*). A page rule with an asterisk matches any URL that begins or ends with the rest of the pattern.
For example, yoursite.com/wp-* will match
yoursite.com/wp-admin
yoursite.com/wp-login
yoursite.com/wp-content
yoursite.com/wp-include
or any other URL that begins with yoursite.com/wp-.

What are the Best Cloudflare Rules for Speeding up WordPress Sites?

They are:
Not caching wp-admin area; (page rule #3);
Not caching preview pages; (page rule #5);
Decreasing bandwidth of content uploads (page rule #7).
Read more details in the article.

What is Cloudflare WordPress HTML Caching?

Customers of all Cloudflare plans can cache the HTML elements of their sites.

But those who purchase Business and Premium plans also have the option to cache HTML on Cloudflare Edge, further increasing the speed the page loads.

Saurabh K
Saurabh K is a technology enthusiast and part-time blogger. He loves to explore the efficient use of technology and gadgets. He is an outlier and lensman. Add him in your social circle to know more.