Skip to content
Sudonix

Best Cloudflare settings for woo commerce

Solved WordPress
  • Hariundefined

    Hello sir, happy new year.

    i have recently signed up for Cloudflare APO for WordPress and i see a huge speed improvement.

    due to cache woocommerce currency switching and flarum login is not functioning properly, i would like to add a page rule and whitelist both directories to avoid cache issues

    i have entered URL as .domain.com/wooCommerce/ and .domain.com/flarum/ now should I set them to bypass or no query string? or ignore query string?

    when i use bypass setting it takes lot of time to load, i want to utilize CF cache but at the same time i don’t want it to cache dynamic related files.

    af5fcbd7-0380-4cbc-9ced-f7ac81c97b48-image.png

    0
  • phenomlabundefined

    @hari the cache level for woocommerce should always be bypass. Any caching of woocommerce will cause you serious issues and will result in the checkout process not functioning correctly.

    This does mean that the overall experience will be slower (depending on geographic location) although CF is known to cause significant issues hence the need to bypass.

    If you want to cache as much as possible, then set rules to bypass caching on the cart and account pages etc.

    Author of OGProxy, Swatch, Threaded, Card, and most of Sudonix's bugs…

    1
  • Hariundefined Hari has marked this topic as solved on

Did this solution help you?
Did you find the suggested solution useful? Why not buy me a coffee? It's a nice gesture, and a great way to show your appreciation 💗

Related Topics
  • Hariundefined

    Adjusting HSTS settings for public wifi's

    Solved Security
    4
    2 Votes
    4 Posts
    417 Views
    phenomlabundefined

    @Hari Ok, no issues. Keep me posted…

  • Pandaundefined

    WP / Woocommerce Mystery

    Solved Configure
    23
    12 Votes
    23 Posts
    1k Views
    phenomlabundefined

    @Panda said in WP / Woocommerce Mystery:

    Just back to my other question, have you ever used Shopify?
    It insists on a templating language to use any custom js.

    Not personally as never had any need, however, I do know that it uses Liquid for JS templating. It’s written in Ruby and is used to generate dynamic content on shop fronts. There’s zero reason as to why it wouldn’t work with data supplied by 3rd party API’s, although WordPress code won’t natively work for obvious reasons, and as such, this code would need to be re-written.

    The JS part will likely work with minor modification, but not the PHP file in it’s current form.

  • DownPWundefined

    Installing and Configuring CrowdSec in Cloudflare

    Security
    4
    +0
    3 Votes
    4 Posts
    625 Views
    phenomlabundefined

    @DownPW yeah, I seem to spend a large amount of my time trying to educate people that there’s no silver bullet when it comes to security.

  • Salaundefined

    How to position ads responsively

    Solved WordPress
    13
    3 Votes
    13 Posts
    657 Views
    Salaundefined

    @phenomlab yes that’s the problem with these J’s, I will try my best , If I find something better I will share. Thanks

  • JACundefined

    WordPress site

    General
    118
    10 Votes
    118 Posts
    12k Views
    JACundefined

    @jac said in WordPress site:

    It’s Wordpress OUT, and Ghost IN it seems! *preference based .

    Even County’s site uses Wordpress 😉 . Although that does serve it’s purpose.

  • phenomlabundefined

    Hardening WordPress - Reducing the attack vector

    Blog
    13
    +0
    1 Votes
    13 Posts
    1k Views
    JACundefined

    @phenomlab said in Hardening WordPress - Reducing the attack vector:

    @jac Microsoft’s and Google’s Authenticator both support TOTP - essentially, a time based system that changes every 30 seconds. The main principle here is that the device itself carrying the One Time Passcode only needs to be in sync with the source server in terms of time, and can be completely offline with no internet access.

    Provided the time matches on both devices, the One Time Passcode will be accepted. Applications such as Microsoft Authenticator and Authy also support push notification meaning you just choose either yes or no on your device when prompted, and then that response is sent back to the origin which then determines if access is granted or not.

    One of the best looking password less authentication models was CLEF - sadly, this product died out due to a lack of funding (if I recall correctly) although some open source implementations of this have appeared quite recently.

    Essentially, both products will achieve the same goal. TOTP is an industry standard, and widely accepted across the board. Not all services offer push confirmation.

    Many thanks for the detailed reply mate.

    There’s some great advice in there that will help me secure my accounts.

  • JACundefined

    WordPress installation

    WordPress
    6
    0 Votes
    6 Posts
    528 Views
    JACundefined

    @phenomlab said in WordPress installation:

    @jac that plugin is for single sign on between WordPress and NodeBB. The plugin you really need is this

    Brilliant, that does look good! 😁

  • Hariundefined

    Cloudflare now handling email routing, YAY 🚀

    Configure
    1
    0 Votes
    1 Posts
    281 Views
    No one has replied