CloudFlare is a great service to use if you run a website, in fact it is one of the few services I almost always use with clients websites no matter what size of site they have. The speed benefits and the extra security it can provide even on the free plan makes it an easy addition to a website, but there are a couple gotchas that can affect WordPress. The issues usually are in the WordPress login and WordPress admin sections and can be any number of problems. I have seen issue ranging from long load times when trying to post, problems logging out and even seeing the admin as being down.

The problem is usually a result of the CloudFlare attempts to improve website security and additional Javascript to help speed up and improve site performance, which works fine usually on the frontend of the website but for some reason in the WordPress admin it can cause problems. Thankfully even the free version of CloudFlare offers an easy solution to help fix these common WordPress admin issues by setting two simple page rules.

The first rule I always add is one to check the WordPress login page. The URL I use is

https://cloudeereviews.com/wp-login.php*

It is important that you use the * at the end of the URL so it matches URL’s like:

https://cloudeereviews.com/wp-login.php?loggedout=true

This helps to fix any problems you might have logging out of your website as well as logging in.

A couple things you might notice in the image above. I set the Security Level to “I’m Under Attack” and I turn on the Browser Integrity Check. These just help to ensure boost the security of the login page and make sure you are a real person and not a bot.

The WordPress admin area needs its own page rule to match all of the possible URL combinations that you might get. It sounds complicated but CloudFlare makes it easy to match multiple URL’s without needing a degree in regular expressions. Simply use:

https://cloudeereviews.com/wp-admin/*

Replacing my URL with your website URL obviously. The settings I use are:

You will notice I turn on the Browser Integrity Check, it is probably not needed in the admin rule, but I turn it on anyway. You could probably set the Security Level to “I’m Under Attack” as well without any side effects.

If you are still experiencing issues with your WordPress admin area and you use CloudFlare and you have set these page rules you might want to explore other possible reasons. It is unfortunate that you only get three page rules with the free CloudFlare account and if you use WordPress you need two to cover two very important parts of your website, but once your website is popular enough to need more rules you can probably move up to a pro plan.