Secure WP admin url for those who dont want to use CF access
Expression
Code:
(http.request.uri eq "/wp-admin")
Then take action
Managed Challenge
Don’t cache WordPress login, checkout, cart, cookies, and more
Expression
Code:
(http.request.full_uri contains "/wp-admin") or (http.request.full_uri contains "/wp-login.php") or (http.request.full_uri contains "/checkout/") or (http.request.full_uri contains "/cart/") or (http.request.full_uri contains "/my-account/") or (starts_with(http.request.full_uri, "/graphql")) or (starts_with(http.request.full_uri, "/xmlrpc.php")) or (http.request.full_uri contains ".txt") or (http.request.full_uri contains ".xlst") or (http.request.full_uri contains ".xml") or (http.cookie contains "no_cache") or (http.cookie contains "wp-") or (http.cookie contains "wordpress-") or (http.cookie contains "comment_") or (http.cookie contains "woocommerce_") or (http.cookie contains "PHPSESSID") or (http.cookie contains "solid_visit_id") or (http.request.full_uri contains "/affiliates") or (http.request.full_uri contains "/sign-up/") or (http.request.full_uri contains "/sign-in/") or (http.request.full_uri contains "/change-password/") or (http.request.full_uri contains "/my-account/points-and-rewards/") or (http.request.full_uri contains "/my-account/support-tickets/") or (http.request.full_uri contains "/my-account/subscriptions/")
Action
Bypass cache
I dont know if this is the common one I use and works pretty well with your plugin