planetahuevo

## wp-rocket-no-cache-installation-guide.md

      
              2 files
            
          
              2 forks
            
          
              17 comments
            
          
              4 stars
            
          
                isaumya
                / wp-rocket-no-cache-installation-guide.md
            
            
              Last active
              April 8, 2024 08:51
            
              
                WP Rocket + Super Page Cache for Cloudflare : Disabling WP Rocket Page caching for it to work with Super Page Cache for Cloudflare
              
          
    WP Rocket (No Page Cache) - Must Use Plugin - Installation Guide

When using Super Page Cache for Cloudflare along with WP Rocket plugin it is highly recommended that you do not use more than one page caching system on your site as that will lead to compatibility issues and problems.
Whether you have a server level page caching system or some other page caching plugin installed in yoru site, you need to ensure that all page caching mechanisms are disabled on those plugin before using the Super Page Cache for Cloudflare plugin on your website. Also, ensure that there is no server rule in your .htaccess file or nginx.conf file which is modifying the cache-control header value of the page as that value needs to be managed by the Super Page Cache for Cloudflare plugin.
Here is what you should do if you are uising WP Rocket along with Super Page Cache for Cloudflare to get the best results.
Step 1 - Make sure you have a clean sl


## sec-scan-root.sh
#
# This script is executed from a terminal prompt at the root of your MainWP WordPress website.
# It uses the same services as WP CLI, so if WP CLI runs, this should also.
#
# Execute MainWP CLI command to generate a list of all configured sites in MainWP
# Pipe output through filter to remove columns 3 and 4 of output. These columns hold the 2 digit site number. Adjust if more than 99 sites.
# Pipe that output to get rid of the comment lines in the site listing.
# Pipe that output through the SED editor inserting the security scan command at the beginning of the line
# Send everything to a shell script to be executed.
cd /var/www/capwebwpcare.com/htdocs

## my.cnf
# MariaDB database server configuration file.
#
# You can copy this file to one of:
# - "/etc/mysql/my.cnf" to set global options,
# - "~/.my.cnf" to set user-specific options.
#
# One can use all long options that the program supports.
# Run program with --help to get a list of available options and with
# --print-defaults to see which it would actually understand and use.
#

## notion2blog.js
const MY_DOMAIN = "agodrich.com"
const START_PAGE = "https://www.notion.so/gatsby-starter-notion-2c5e3d685aa341088d4cd8daca52fcc2"
const DISQUS_SHORTNAME = "agodrich"

addEventListener('fetch', event => {
  event.respondWith(fetchAndApply(event.request))
})

const corsHeaders = {
  "Access-Control-Allow-Origin": "*",

## stripParamsWorker.js
/**
 * Define regular expressions at top to have them precompiled.
 */
const urlRegex = new RegExp('^(refreshce|gclid|cx|ie|cof|siteurl|zanpid|origin|utm_[a-z]+|fbid|fbclid|mr:[A-z]+|ref(id|src))$');

addEventListener('fetch', event => {
    event.passThroughOnException()
    event.respondWith(handleRequest(event.request))
})


## commercial-client.php
<?php
/*
 * Plugin Name: Commercial Client
 * Plugin URI: http://pento.net/
 * Description: A sample client plugin for showing updates for non-WordPress.org plugins
 * Author: pento
 * Version: 0.1
 * Author URI: http://pento.net/
 * License: GPL2+
 */

## clinup
#!/usr/bin/env bash
# for debug output, uncomment:
#set -x

function help {

	echo "WordPress cleanup -v 0.5 2018-06-26 / peeter@zone.ee

Usage:

## csp.conf
Secure your website with Content Security Policy
Article byOle Michelsenposted onJuly 19, 2015
Content security policy shield So what is a content security policy (CSP), and why do I need one? A CSP is a contract that your server sends to the browser, defining from which domains it's ok to load scripts, style sheets, images etc.

This is an important tool to protect against cross-site scripting (XSS), clickjacking and other client side attack vectors. XSS can for example be used by evildoers to place a script into your website, replace the login field in your online bank, and send usernames and passwords to somebody else. Another trick could be to load your page in an iframe on a similar domain, so it looks like your page loads normally, all the while evil hackers are snatching up passwords and credit card information.

These techniques can be virtually undetectable to the user, as everything will look normal, and since these attacks happens on the client side, it can be difficult to detect until the damage i

## nginx_with_cache.conf
# Based on articles:
# https://ruhighload.com/%D0%9A%D1%8D%D1%88%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5+%D1%81+nginx
# https://wiki.enchtex.info/practice/nginx/cache
# https://gist.github.com/yanmhlv/5612256
# https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html
# https://blog.runcloud.io/2017/10/28/nginx-caching-tutorial-wordpress.html
# https://www.digitalocean.com/community/tutorials/how-to-setup-fastcgi-caching-with-nginx-on-your-vps
# https://easyengine.io/wordpress-nginx/tutorials/single-site/fastcgi-cache-with-purging/


## edd-sl-custom-local-domains.php
<?php

// Example of adding a TLD (.org in this example) to the is_local_url check.
function ck_add_url_tlds( $tlds_to_check ) {
	$tlds_to_check[] = '.org';

	return $tlds_to_check;
}
add_filter( 'edd_sl_url_tlds', 'ck_add_url_tlds', 10, 1 );
	#
	# This script is executed from a terminal prompt at the root of your MainWP WordPress website.
	# It uses the same services as WP CLI, so if WP CLI runs, this should also.
	#
	# Execute MainWP CLI command to generate a list of all configured sites in MainWP
	# Pipe output through filter to remove columns 3 and 4 of output. These columns hold the 2 digit site number. Adjust if more than 99 sites.
	# Pipe that output to get rid of the comment lines in the site listing.
	# Pipe that output through the SED editor inserting the security scan command at the beginning of the line
	# Send everything to a shell script to be executed.
	cd /var/www/capwebwpcare.com/htdocs
	# MariaDB database server configuration file.
	#
	# You can copy this file to one of:
	# - "/etc/mysql/my.cnf" to set global options,
	# - "~/.my.cnf" to set user-specific options.
	#
	# One can use all long options that the program supports.
	# Run program with --help to get a list of available options and with
	# --print-defaults to see which it would actually understand and use.
	#
	const MY_DOMAIN = "agodrich.com"
	const START_PAGE = "https://www.notion.so/gatsby-starter-notion-2c5e3d685aa341088d4cd8daca52fcc2"
	const DISQUS_SHORTNAME = "agodrich"

	addEventListener('fetch', event => {
	event.respondWith(fetchAndApply(event.request))
	})

	const corsHeaders = {
	"Access-Control-Allow-Origin": "*",
	/**
	* Define regular expressions at top to have them precompiled.
	*/
	const urlRegex = new RegExp('^(refreshce\|gclid\|cx\|ie\|cof\|siteurl\|zanpid\|origin\|utm_[a-z]+\|fbid\|fbclid\|mr:[A-z]+\|ref(id\|src))$');

	addEventListener('fetch', event => {
	event.passThroughOnException()
	event.respondWith(handleRequest(event.request))
	})
	<?php
	/*
	* Plugin Name: Commercial Client
	* Plugin URI: http://pento.net/
	* Description: A sample client plugin for showing updates for non-WordPress.org plugins
	* Author: pento
	* Version: 0.1
	* Author URI: http://pento.net/
	* License: GPL2+
	*/
	#!/usr/bin/env bash
	# for debug output, uncomment:
	#set -x

	function help {

	echo "WordPress cleanup -v 0.5 2018-06-26 / peeter@zone.ee

	Usage:
	Secure your website with Content Security Policy
	Article byOle Michelsenposted onJuly 19, 2015
	Content security policy shield So what is a content security policy (CSP), and why do I need one? A CSP is a contract that your server sends to the browser, defining from which domains it's ok to load scripts, style sheets, images etc.

	This is an important tool to protect against cross-site scripting (XSS), clickjacking and other client side attack vectors. XSS can for example be used by evildoers to place a script into your website, replace the login field in your online bank, and send usernames and passwords to somebody else. Another trick could be to load your page in an iframe on a similar domain, so it looks like your page loads normally, all the while evil hackers are snatching up passwords and credit card information.

	These techniques can be virtually undetectable to the user, as everything will look normal, and since these attacks happens on the client side, it can be difficult to detect until the damage i
	# Based on articles:
	# https://ruhighload.com/%D0%9A%D1%8D%D1%88%D0%B8%D1%80%D0%BE%D0%B2%D0%B0%D0%BD%D0%B8%D0%B5+%D1%81+nginx
	# https://wiki.enchtex.info/practice/nginx/cache
	# https://gist.github.com/yanmhlv/5612256
	# https://nginx.org/en/docs/http/ngx_http_fastcgi_module.html
	# https://blog.runcloud.io/2017/10/28/nginx-caching-tutorial-wordpress.html
	# https://www.digitalocean.com/community/tutorials/how-to-setup-fastcgi-caching-with-nginx-on-your-vps
	# https://easyengine.io/wordpress-nginx/tutorials/single-site/fastcgi-cache-with-purging/
	<?php

	// Example of adding a TLD (.org in this example) to the is_local_url check.
	function ck_add_url_tlds( $tlds_to_check ) {
	$tlds_to_check[] = '.org';

	return $tlds_to_check;
	}
	add_filter( 'edd_sl_url_tlds', 'ck_add_url_tlds', 10, 1 );