Cloudflare WordPress configuration
bikegremlin
ModeratorOG
in WordPress
Nothing special, "nothing to write home about" as the Americans say, but I put all of my Cloudflare settings in an article. With some notes on what's worked well, and what hasn't (and why):
How to configure Cloudflare for WordPress
I needed something like this to make it easy when configuring any new websites/accounts for friends and acquaintantces. 1000 times better than logging into my account to see "now what were those settings that should be disabled, but aren't noticeable to cause problems right away..."
As always - any improvements, especially corrections are very welcome.
Detailed info about providers whose services I've used:
BikeGremlin web-hosting reviews
Comments
I'd generally go with Full. cPanel doesn't always properly renew certs with Cloudflare active, which could cause some issues
I wouldn't preload HSTS, but you can still turn it off, clear your HSTS domains, and access your site over HTTP. So, if something gets borked, there still is a fix.
Everything else looks good!
Noted.
Though, I haven't had these problems since mid-2019, tested with several different providers.
I did have them on occasion before that.
Thinking out loud:
On the upside - "Full (strict)" will show an error if an untrusted cert is installed on the hosting server. I think that's good for the visitor's security (not fooling them that I have a proper cert by the CF's "front end," while CF connects to the server using who-knows-which cert).
On a rate from 1 to 10, how complicated you suppose this is for an average Joe?
I.e. how likely are they to require professional assistance if something goes wrong, in order to "remove" HSTS?
Detailed info about providers whose services I've used:
BikeGremlin web-hosting reviews
Probably 5-6, and the menu to remove HSTS is a bit obscure
@bikegremlin this is one of your best articles, actually a definitive guide to get the best of Cloudflare with or without Wordpress.
I think the possibility to also caching html pages should not be overlooked. There is a free alternative to paid plans including APO that I've been using for a while and it works much better than the "tricks" you refer to: it's WP Cloudflare Super Page Cache plugin. Try it, you will not regret!
Excellent article, one of your best!
Thank you!
Thanks.
I have tried that plugin. It had some hiccups. Fine most of the time, but not all the time.
Didn't write down the exact problems (sorry), but I know for sure that I removed that plugin eventually.
To be fair: It did work perfectly fine for about a whole year. And the problems could have been caused by some other plugin updates (LiteSpeed is excellent but some updates do mess some things up, for example).
It's worth giving a try though, probably. I did think about mentioning it in the article, but decided to play it safe - sticking to what I'm currently using.
Detailed info about providers whose services I've used:
BikeGremlin web-hosting reviews
Most of time problems are because of that:
Anyway is still fully compatible with LiteSpeed plugin: