CDN & Network Optimization
This step is about edge delivery and network correctness: TLS, compression, caching behavior, and avoiding accidental caching of dynamic WordPress routes.
Cloudflare Baseline (Safe Defaults)
- Proxy enabled (orange cloud).
- SSL/TLS mode: Full (Strict).
- Brotli: enabled.
- HTTP/2 and HTTP/3: enabled (when available).
Avoid Conflicts
Pick one owner for minification/optimization.
- If your origin/plugin is minifying, keep Cloudflare auto-minify off.
- Avoid Rocket Loader unless you have validated it on your exact stack.
Caching Rules (WordPress-Safe)
Key principle: do not "cache everything" across the whole site unless you are intentionally using an HTML caching product/rule set designed for WordPress.
At minimum, ensure these routes are not cached at the edge:
/wp-admin//wp-login.php- cart/checkout/account paths (for ecommerce)
caution
Global "Cache Everything" rules commonly break WordPress sites (logged-in state, carts, personalized pages). Use APO or a well-tested ruleset if you need edge HTML caching.
Verification
Check CDN and cache headers
curl -sI https://example.com/ | grep -iE 'cf-cache-status|server|cache-control|alt-svc'
Optional: verify HTTP/3 (if your curl supports it)
HTTP/3 probe
curl -I --http3 https://example.com/
Checklist
- Full (Strict) TLS.
- Brotli enabled.
- Minify features are owned by one system (no duplication).
- Dynamic routes are excluded from edge caching.
- Headers validated with curl/DevTools.