As a WordPress website administrator, have you ever experienced Cloudflare caching your web page but also displaying the admin bar at the top? Of course, this becomes a problem because the admin menu should only be visible to admins or users who are logged in, not to readers.
If you are experiencing the same issue, you have come to the right article. Here we will provide you with a guide on how to bypass the cache on WordPress pages, including posts and slugs, while we are in a logged-in state.
Table of Contents
How Cloudflare Cache Rules Work
If you set up Cache Rules in Cloudflare, then caching works by saving a static version of a page and serving it to all visitors. This is perfect for blog posts, product pages, and other public content. However, sometimes the top admin bar menu appears; this happens when you view the page while logged in and Cloudflare’s Cache Rules cache that page. Your WordPress login page (wp-login.php) and admin area (/wp-admin/) including the menu too, are fundamentally private and dynamic.
Each login attempt generates unique security tokens (nonces) and session cookies. If Cloudflare serves a cached version of the login page, these unique elements become invalid or get mixed up between users. This breaks the authentication process, leading to errors and serious security concerns. Excluding these sensitive paths from cache is not a performance suggestion-it is a critical necessity for your site’s security and functionality.
How to Disable Cloudflare Cache When a User Logs In
1. Log in to your Cloudflare account first.
2. Access the Caching Menu > Cache Rules > + Create Rule.
3. Give your Cache Rule a name, for example, ‘Bypass Login‘, and select the ‘Custom filter expression‘ option, in the Field option choose ‘cookie‘, in the Operator choose ‘contains‘, for Value input ‘wordpress_logged_in_‘.
4. For the Cache eligibility option, select “Bypass Cache“; for Place at, please place it at the very bottom so as not to be affected by the cache rule above, and don’t forget to click Save.
If Failed?
1. According to our experience, failures often occur when Cache Rules conflict with each other. For this issue, make sure there are no opposing Cache Rules.
2. You can try to arrange the Cache order with others whose cache settings you suspect are opposite. For example, move cache position 1 to the last order and vice versa.
3. Another issue is cleaning the cache on the browser, as we often think the page is cached on Cloudflare, while it is actually cached locally in the browser. Therefore, it is important to clear the cache in the browser to conduct testing.
That is a guide on how you can bypass the Cache in WordPress when the user is logged in. For best results, you can also bypass all files that start with wp in the cache rules using the Field ‘URI-Path‘, Operator ‘Does not start with‘, and Value ‘/wp‘.
Maybe you would like other interesting articles?