Zero-cost separation of WordPress login and visitor caching: The ultimate tutorial for the free version of Cloudflare

Want to makeWordpressCompletely separate dynamic login caching from static visitor caching? This tutorial teaches you how to optimize cookie caching with the free version of Cloudflare at zero cost, improving website speed and user experience. An essential ultimate guide for webmasters!

Ultimate Guide to Cloudflare Free Cookie Caching: Achieving Dynamic Login/Static Visitor Separation at Zero Cost

99% of WordPress website owners using the free version of Cloudflare are wasting more than half of their server performance.

I've seen too many people fall into two extremes.

Either don't cache HTML at all, and fetch data from the origin server every time a visitor visits.

Alternatively, you could cache the entire HTML page, which results in issues such as incorrect user logins, comments not displaying, and backend operations failing.

Many people believe that distinguishing cache by cookie is a feature exclusive to paid plans.

After all, Cloudflare officially states that only the Business and Enterprise plans can bypass HTML caching when cookies are present.

The Business plan starts at $200 per month, which is completely unnecessary for individual website owners and small blogs.

Until April 2023, I discovered a technical trick that most people overlooked.

This technique is the first to fully demonstrate how to achieve the exact same cookie-based caching effect as the paid plan using the operators supported by the free version.

I've used this method to configure over a dozen websites, and the results exceeded my expectations.

My personal blog server's CPU load dropped from an average of 45% to 12%.

The initial page load time has been reduced by 5 seconds.

Monthly server bandwidth consumption decreased by 68%.

However, the initial implementation had two obvious shortcomings.

It only supports a single HTTPS domain and does not support wildcard domains.

It doesn't take into account that many websites still use HTTP redirects or support both HTTP and HTTPS.

I made comprehensive optimizations based on the original approach and solved these two problems.

Now I will target *.etUFOHere's a complete guide on how to configure a wildcard domain like .org that supports both HTTP and HTTPS.

Why can the free version achieve the cookie-based caching function of the paid version?

Many people don't know that the core difference between the free and paid versions of Cloudflare isn't whether or not a certain feature can be implemented.

It lies in how convenient it is to achieve the same function.

The paid version providesMatchesRegular expression operators can be used to match all cookies that need to be bypassed with a single line of regular expression.

However, the free version does not support this operator, and you will receive an error message "not entitled: the use of operator Matches is not allowed" when using it.

The official Cloudflare documentation clearly states that...MatchesOperators require a Business plan or WAF Advanced plan to be used.

This is why most online tutorials tell you that you must upgrade to a paid plan to use cookie caching.

But after repeated testing and research, I found a key breakthrough.

Both WordPress and WooCommerce login cookies have a fixed prefix.

WordPress Cookies prefix:

We don't need to use regular expressions to match all cookies; we only need to use the ones supported by the free version.containsThe operator checks whether the cookie contains these fixed prefixes.

This idea is very clever.

It bypassed the exclusive features of the paid version and achieved the exact same effect using the most basic operators.

Moreover, its performance is better than regular expression matching because...containsThe computational overhead of operators is much less than that of regular expression matching.

For *.etUFOComplete configuration steps for .org (applicable to both HTTP and HTTPS)

The entire configuration process only requires creating 3 caching rules.

The order of the rules is very important and must be strictly followed in the order I have given.

If the order is wrong, the entire caching logic will fail.

Rule 1: Bypass paths that must be dynamic (highest priority)

The purpose of this rule is to ensure that the backend, preview page, user center, and search page are never cached.

These pages must fetch content from the origin server in real time, otherwise serious functional problems will occur.

My optimized expression supports all subdomains and HTTP/HTTPS protocols.

You don't need to create separate rules for each subdomain.

There is no need to create separate rules for HTTP and HTTPS.

The expression is as follows:

ends_with(http.host, ".etufo.org") and (starts_with(http.request.uri.path, "/wp-admin/") or http.request.uri contains "preview=true" or starts_with(http.request.uri.path, "/前台用户中心/") or starts_with(http.request.uri.path, "/?s="))

Select "Bypass Cache" as the operation option.

Place this rule at the very top of all caching rules.

Rule 2: Bypass logged-in and commenting users (second priority)

The purpose of this rule is to allow logged-in and commenting users to directly access dynamic content from the source.

This ensures that users can see their personal information, and comments can be displayed in real time.

The initial implementation used the following method:starts_with(http.request.full_uri, "https://你的域名/").

I changed it toends_with(http.host, ".etufo.org").

This change is the core of the entire optimization.

http.hostIt only includes the domain name, not the protocol and path.

useends_withmatch.etufo.orgIt will automatically matchetufo.org,www.etufo.org,blog.etufo.orgAll subdomains.

It automatically matches both HTTP and HTTPS protocols without requiring any additional configuration.

Native WordPress expressions:

ends_with(http.host, ".etufo.org") and (http.cookie contains "wordpress_sec_" or http.cookie contains "wordpress_logged_in" or http.cookie contains "comment_")

If you are using WooCommerceE-commerceThe plugin requires the WooCommerce cookie prefix to be added.

WooCommerce Enhanced Expressions:

ends_with(http.host, ".etufo.org") and (http.cookie contains "wordpress_sec_" or http.cookie contains "wordpress_logged_in" or http.cookie contains "comment_" or http.cookie contains "woocommerce_")

The operation should also be set to "Bypass Cache".

Place this rule below rule 1.

Rule 3: Cache static HTML for visitors who are not logged in (lowest priority)

The purpose of this rule is to allow unlogged visitors to directly retrieve cached HTML pages from Cloudflare CDN.

This is the most crucial step in improving website speed and reducing server load.

Similarly, I usedends_with(http.host, ".etufo.org")It replaced the original protocol + domain name format.

Automatic compatibility with wildcard domains and dual protocols has been achieved.

Native WordPress expressions:

ends_with(http.host, ".etufo.org") and not http.cookie contains "wordpress_sec_" and not http.cookie contains "wordpress_logged_in" and not http.cookie contains "comment_"

WooCommerce Enhanced Expressions:

ends_with(http.host, ".etufo.org") and not http.cookie contains "wordpress_sec_" and not http.cookie contains "wordpress_logged_in" and not http.cookie contains "comment_" and not http.cookie contains "woocommerce_"

Select "Meets cache criteria" for the operation.

We recommend enabling the following options:

Cache deception armor.

Outdated content is not provided during updates.

Place this rule at the very bottom of all caching rules.

Three verification steps that must be performed after configuration

After configuration, do not close the page immediately.

You need to perform three simple validations to ensure the rules are working correctly.

The first verification step is to check the cache status when the user is not logged in.

Turn on your browser's incognito mode.

Press F12 to open the developer tools and switch to the Network tab.

Visit your website homepage.

Check the response headers.cf-cache-statusfield.

If displayedHITThis indicates that the cache was hit and the rule is working correctly.

The second verification step is to check the caching of the login status.

Log in to your browser in a regular browser windowWordPress backend.

Press F12 to open the developer tools.

Visit the website homepage.

Check the response headers.cf-cache-statusfield.

If displayedDYNAMICThis indicates that the logged-in user successfully bypassed the cache.

The third verification step is to check the caching status of the commenting users.

Post a comment using another browser or incognito mode.

Refresh the page.

Check the response headers.cf-cache-statusfield.

If displayedDYNAMICThis indicates that the commenting user also successfully bypassed the cache.

If the validation fails, first check if the order of the rules is correct.

Then check if there are any other Page Rules or caching rules that conflict with these three rules.

In my actual testing, I found that Page Rules have higher priority than caching rules and will override the settings of caching rules.

Frequently Asked Questions and Advanced Optimizations

Many people ask me how long the cache expiration time should be set.

I recommend setting the cache expiration time for HTML files on the origin server to 1 hour.

This ensures both the freshness of the content and full utilization of the caching advantages of CDN.

If you publish a new article or update a page, you can manually clear the cache for the corresponding page in the Cloudflare backend.

You can also install the official Cloudflare installation package.WordPress pluginThis allows for automatic cache clearing when publishing content.

Some people also asked whether this method would affect the website.SEO.

Not at all.

Search engine crawlers are not logged in and will retrieve cached pages just like regular visitors.

Cached pages load faster, which can actually improve search engine rankings.

According to Google’s core web metrics report, for every 1 second increase in page load speed, conversion rates can increase by 7%.

The speed boost from this configuration not only improves the user experience but also directly generates more traffic and revenue.

Conclusion

In this digital age where computing power equals cost and speed equals competitiveness, every optimization of server resources adds value to digital assets.

Many people pursue expensive paid services but overlook the enormous potential hidden in free tools.

The capabilities of the free version of Cloudflare are far more powerful than most people imagine.

The best technical solution is never the most expensive, but the one that best suits your needs.

For 99% of individual website owners and small and medium-sized enterprises, this zero-cost cookie-based caching solution is more than enough to meet their needs.

It doesn't require you to pay $200 per month, yet it delivers almost the same performance improvement as a paid plan.

The essence of technology is to solve problems, not to pile up expensive tools.

We truly grasp the essence of technology when we learn to build efficient systems using the most basic components.

If you are using the free version of Cloudflare and your website is built on WordPress, I highly recommend that you follow this tutorial to configure it.

You will find that your website speed will experience a qualitative leap, and server load will drop significantly.

This is an optimization operation that takes 5 minutes to implement and benefits you for a whole year.

Don't let free resources go to waste; take action to make your website run faster.