Skip to content

Best Cloudflare settings for woo commerce

Solved WordPress
  • Hello sir, happy new year.

    i have recently signed up for Cloudflare APO for WordPress and i see a huge speed improvement.

    due to cache woocommerce currency switching and flarum login is not functioning properly, i would like to add a page rule and whitelist both directories to avoid cache issues

    i have entered URL as and now should I set them to bypass or no query string? or ignore query string?

    when i use bypass setting it takes lot of time to load, i want to utilize CF cache but at the same time i don’t want it to cache dynamic related files.


  • @hari the cache level for woocommerce should always be bypass. Any caching of woocommerce will cause you serious issues and will result in the checkout process not functioning correctly.

    This does mean that the overall experience will be slower (depending on geographic location) although CF is known to cause significant issues hence the need to bypass.

    If you want to cache as much as possible, then set rules to bypass caching on the cart and account pages etc.

  • Hariundefined Hari has marked this topic as solved on

Did this solution help you?
Did you find the suggested solution useful? Why not buy me a coffee? It's a nice gesture, and a great way to show your appreciation 💗

  • 1 Votes
    4 Posts

    @Hari the real issue here is that I don’t think it can be used as a theme for WordPress because of the dependencies it clearly has, including its own Web server.

    My view here is that this is designed to be a complete development environment outside of the WordPress core.

  • 0 Votes
    10 Posts

    I found it here, ins elements can not have aria elements

  • 3 Votes
    4 Posts

    @DownPW yeah, I seem to spend a large amount of my time trying to educate people that there’s no silver bullet when it comes to security.

  • WordPress site

    10 Votes
    118 Posts

    @jac said in WordPress site:

    It’s Wordpress OUT, and Ghost IN it seems! *preference based .

    Even County’s site uses Wordpress 😉 . Although that does serve it’s purpose.

  • 52 Votes
    87 Posts

    @Hari Glad to see this went so well, and that you’ve finally departed the Flarum ecosystem 🙂

  • 1 Votes
    13 Posts

    @phenomlab said in Hardening WordPress - Reducing the attack vector:

    @jac Microsoft’s and Google’s Authenticator both support TOTP - essentially, a time based system that changes every 30 seconds. The main principle here is that the device itself carrying the One Time Passcode only needs to be in sync with the source server in terms of time, and can be completely offline with no internet access.

    Provided the time matches on both devices, the One Time Passcode will be accepted. Applications such as Microsoft Authenticator and Authy also support push notification meaning you just choose either yes or no on your device when prompted, and then that response is sent back to the origin which then determines if access is granted or not.

    One of the best looking password less authentication models was CLEF - sadly, this product died out due to a lack of funding (if I recall correctly) although some open source implementations of this have appeared quite recently.

    Essentially, both products will achieve the same goal. TOTP is an industry standard, and widely accepted across the board. Not all services offer push confirmation.

    Many thanks for the detailed reply mate.

    There’s some great advice in there that will help me secure my accounts.

  • 0 Votes
    6 Posts

    @phenomlab said in WordPress installation:

    @jac that plugin is for single sign on between WordPress and NodeBB. The plugin you really need is this

    Brilliant, that does look good! 😁

  • 5 Votes
    6 Posts

    @hari That’s it. Yes. Nothing more to do