WordPress is a very popular, free content management platform used all over the world for blogging, websites and apps. CloudFlare is a content delivery network (CDN) that integrates with WordPress to provide a better, faster browsing experience by reducing the load on the main server. The logic is simple: when a visitor comes to the site, instead of being “served” by your WordPress server, he actually receives cached content from the CloudFlare CDN. That way fewer “origin” calls are made to the hosting server, and fewer resources are needed. How much less? Well, that depends on visitor count, CDN configuration and many other parameters that go beyond the scope of this post, but I can say with no hesitation that CloudFlare CDN has saved me a lot of resources (and therefore funds) while running TheGeneralistIT.com.
Advantages of using a CDN
There are additional advantages to using a CDN with your website. While they too go beyond the scope of this post, I will point them out in a nutshell.
- “Always online” – As the website content is cached by the CDN, even if your website goes offline due to an error or scheduled maintenance, visitors will still be able to access your site because the CDN will show them the most recent cached version available.
- Improved security – As at least some (if not most) of the requests for information will actually go to the CDN servers, the main server is less exposed to attacks. Please note – less exposed, not immune! A CDN by itself does not provide a complete website security solution, and additional components like a WAF are required for better protection.
- Forcing SSL traffic – SSL based sites improve your reputation, not only with your viewers, but with search engines as well, and Google specifically. When you configure your website to work with CloudFlare CDN (even with the free version) you can take advantage of CloudFlare SSL to add a security layer to your website without the cost of purchasing a security certificate, and the technical hassle of setting it up on your server.
The problem with OTP and CDN
But CDN powered sites present different types of challenges, and I encountered one of them when I was trying to set up Two Factor Authentication for TheGeneralistIT.com. TFA or OTP is basically a time based token, generated each time you are trying to log in. But when a CDN is involved, it gets tricky, as you don’t really know which server is handling each request. So while the login page may be served by the CDN, the authentication is done on your main back-end server, and that server may not even be aware of the generated token. The result will be an endless failed login loop due to an incorrect “secondary” login, or “two factor authentication code”. Please note: There are many TFA or OTP plugins available for WordPress. Some may work out of the box, others may require implementation of the solution described below, or a different solution.
Fixing the problem
The solution, then, is to make sure that tokens are always generated by the back-end server, or in CloudFlare’s terminology, to create a page rule to bypass cache for the OTP plugin.
Create a new rule. In the pattern box, enter the URL of your website, followed by the path to the OTP plugin directory, and end with a forward slash and an asterisk. So if the OTP plugin directory is “my-otp-plugin”, the rule pattern will be www.mywebsite.com/wp-content/plugins/my-otp-plugin/*
All done. OTP authentication should now work on your CloudFlare CDN powered site with no issues. However, if you still can’t set up TFA / OTP on your website after following this guide, please comment with the plugin name and a link to its download page at wordpress.org and I will do my best to assist.
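To confirm the page rule is in effect, request a URL under the plugin path and look at the CF-Cache-Status response header that CloudFlare adds. The script below is an added example, not part of the original post: the function names and verdict words are made up here, and the sample headers in the offline branch are constructed.

```shell
#!/usr/bin/env bash
# Added example: classify the CF-Cache-Status header to check that the
# bypass-cache page rule covers the OTP plugin path.

# Reads raw HTTP response headers on stdin, prints one verdict word
# (verdict names are this example's own).
cf_cache_verdict() {
    local status
    # Header names are case-insensitive; lines from curl end in CR LF.
    status=$(tr -d '\r' |
        awk -F': *' 'tolower($1) == "cf-cache-status" { print toupper($2); exit }')
    case "$status" in
        BYPASS|DYNAMIC)                 echo "origin"    ;;  # not served from cache
        MISS|EXPIRED)                   echo "cacheable" ;;  # origin now, cache next time
        HIT|STALE|REVALIDATED|UPDATING) echo "cached"    ;;  # answered by the CDN cache
        "")                             echo "no-header" ;;  # header absent from response
        *)                              echo "unknown"   ;;
    esac
}

# Live check: GET the URL, discard the body, classify the headers.
check_url() {
    curl -sS -o /dev/null -D - --max-time 10 "$1" | cf_cache_verdict
}

if [ "$#" -gt 0 ]; then
    # e.g. ./check.sh https://www.mywebsite.com/wp-content/plugins/my-otp-plugin/
    for url in "$@"; do
        printf '%-10s %s\n' "$(check_url "$url")" "$url"
    done
else
    # Offline demo on constructed response headers.
    printf 'HTTP/2 200\r\nserver: cloudflare\r\ncf-cache-status: BYPASS\r\n\r\n' |
        cf_cache_verdict
    printf 'HTTP/2 200\r\nserver: cloudflare\r\nCF-Cache-Status: HIT\r\nage: 512\r\n\r\n' |
        cf_cache_verdict
fi
```

A verdict of "origin" for the plugin path means the rule is working; "cached" or "cacheable" means the pattern does not match that URL and the rule needs adjusting.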
Applying Two factor authentication to your WordPress website will improve your website security a great deal, and is highly recommended. Combined with CDN, the setup process can be tricky, but following the method described above, you should be able to configure TFA on your website quickly.