Most WordPress sites behind Cloudflare run fine once set up correctly. Problems appear during initial setup or after changes to SSL, caching, or DNS configuration. Here are the most common issues and how to resolve them.
Redirect Loop (ERR_TOO_MANY_REDIRECTS)
This is the most common Cloudflare and WordPress problem. The cause is almost always Cloudflare SSL mode set to Flexible while WordPress has HTTPS forced.
With Flexible SSL, Cloudflare connects to your origin server over HTTP. If WordPress has a redirect rule that sends HTTP to HTTPS (which is correct behaviour), the request loops: Cloudflare sends HTTP, WordPress redirects to HTTPS, Cloudflare receives the redirect and sends another HTTP request, and the loop repeats.
Fix: In Cloudflare dashboard, go to SSL/TLS and change the mode from Flexible to Full or Full (Strict). Full requires that your server has any SSL certificate installed. Full (Strict) requires a valid, trusted certificate. Most hosts provide Let’s Encrypt certificates automatically — use Full (Strict) if your host has one.
WordPress Admin Showing Stale Content After Publishing
Cloudflare caches front-end pages, not wp-admin by default. But if you have aggressive Page Rules that cache everything, admin sessions can be cached. Check your Page Rules for any “cache everything” rules without explicit bypass conditions for wp-admin and wp-login.php.
Fix: Add Page Rules (or Cache Rules on Pro) to bypass cache for /wp-admin/* and /wp-login.php. Set the action to Cache Level: Bypass for these paths.
Cloudflare Cache Not Purging After Content Updates
If you publish a post and the old version continues to show, the Cloudflare cache was not purged. The Cloudflare WordPress plugin purges cache automatically on publish if configured correctly.
Fix: Check the plugin settings — verify the API token has Zone: Cache Purge permission. If the token is correct, check whether a caching plugin (WP Rocket, LiteSpeed) is also caching and serving the old version. Purge both caches. WP Rocket’s Cloudflare integration handles both in sequence if configured through WP Rocket’s add-ons panel.
Images Not Loading or Returning 1001/1003 Errors
These Cloudflare error codes usually indicate a DNS configuration problem or that Cloudflare cannot reach your origin server. Check that the DNS A record for your domain is proxied through Cloudflare (orange cloud) and that the IP address points to your actual server. If you recently migrated hosts, the DNS record may still point to the old server IP.
WordPress Showing Incorrect IP Addresses in Comments and Logs
When Cloudflare proxies traffic, all requests appear to come from Cloudflare IP addresses rather than the visitor’s real IP. This affects comment moderation, security plugin geolocation, and server access logs.
Fix: Cloudflare sends the real visitor IP in the CF-Connecting-IP header. The Cloudflare WordPress plugin restores the real IP by reading this header and setting it as REMOTE_ADDR. Activate the Cloudflare plugin and enable the IP restoration option. For server-level access logs, your host needs to configure the web server to log CF-Connecting-IP instead of REMOTE_ADDR.
Cloudflare Breaking WooCommerce Cart and Checkout
Cloudflare caching WooCommerce cart and checkout pages causes incorrect cart contents to show for different users. Cart pages must never be cached.
Fix: Add Page Rules or Cache Rules to bypass cache for /cart/*, /checkout/*, and /my-account/*. WooCommerce also sets cookies that Cloudflare respects by default — ensure Cloudflare’s “Cache Everything” rule is not overriding the cookie-based bypass.
For complex Cloudflare configurations including custom WAF rules, Workers, and multi-site setups, a WordPress developer with Cloudflare experience can audit and fix the configuration correctly.