Reputation: 41
Cloudflare CacheEverything : How to bypass Wordpress' Admin Bar for logged-in users?
I have setup cloudflare to cache everything for my wordpress site. My page rules are like the following:
mydomain.tld/wp-admin Cache Level - Bypass
mydomain.tld/*?*loggedin=true Cache Level - Bypass
mydomain.tld/* Cache Level - Cache Everything
To avoid caching admin-bar, i only enable admin-bar-rendering in wordpress when url has parameter "loggedin=true".
It's working great but I wonder if there is a way to make it work without having the extra "loggedin=true" parameter?
This post is closest to my situation. Currently the solutions proposed from the discussion are either:
- using on-site cache plugin like Comet Cache or
- pay 200/month for business plan
Upvotes: 3
Views: 1368
Answers (1)
Reputation: 56
Rather than using a URL parameter, you can use a cookie. This is much easier since adding the cookie is automatically done for you by WordPress, and creating the rule in Cloudflare is really simple (and available on the free tier).
About the Cookie
When logged in, WordPress sets a cookie called wordpress_logged_in_[hash] that contains some data about the user account. You can create a Cloudflare Cache Rule that looks for this and bypasses the cache.
Creating the Cache Rule
Let's create a Cache Rule for our Zone that will match on the cookie. Start by going to the following link and selecting your Zone (it is a deep link, so it should take you to where you need to create the rule): https://dash.cloudflare.com/?to=/:account/:zone/caching/cache-rules/new
- Give the rule a name like
WordPress Logged In Bypass - Select "Custom filter expression" under "If incoming requests match..."
- For the "Field" select "Cookie" from the dropdown list
- In the "Operator" dropdown, select "wildcard." This will let us match on the cookie without knowing the exact value.
- Now, in the "Value" field, enter
wordpress_logged_in_*=*Notice the wildcard for the hash in the key and the wildcard for the value. If you only wanted to bypass cache for a single user, you could do something likewordpress_logged_in_*=johndoe|*wherejohndoeis the user's WordPress username. - Finally, under "Cache eligibility," select "Bypass cache" and press the "Deploy" button to roll out your rule
Test the Rule
You can test the rule manually on the site, but I would suggest testing using Cloudflare Trace. Trace will let you easily forge the cookie and shows you exactly which rules are applied.
- Find Trace in your Zone's dashboard under "Rules" or go here: https://dash.cloudflare.com/?to=/:account/:zone/rules/trace/search
- Enter your site's URL (like
https://example.com) - Make sure "GET" is the selected HTTP method
- In the "Cookies" section, press "Add setting" and then add the key and value of your cookie. You can grab this using your browser's dev tools from your actual site or you can use the following:
- Test Key:
wordpress_logged_in_hashGoesHere - Test Value:
johndoe|1234567890|randomchars|randomchars
- Now press "Send Trace"
After a few moments, you should see a "Matched" result under "Cache Rules" like the one below:
Upvotes: 0
Related Questions
- How to bypass Cloudflare cache for POST request?
- How to let cloudlfare to cache the content but make browser do not cache? (so browser always fetch from CF on every refresh)
- How to serve from Cloudflare cache without requesting the Cloudflare Worker?
- Cache-Control headers in a Cloudflare Workers site
- Prevent cache in CloudFlare
- How to prevent people bypassing my server cache?
- Disable HTML cache on Cloudflare
- Wordpress visitors see and access admin login
- Cloudflare cache third party resources
- In CloudFlare, present cached page only if cookie is not set