This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

WordPress SuperSonic with CloudFlare


Important information: this plugins works only with CloudFlare!

With this plugin you can speed up WordPress to supersonic speed.

By default CloudFlare do not caches HTML content. It can be done by adding one page rule in CloudFlare. But when site content is changed (by adding, editing or deleting post, page or comment) CloudFlare do not refreshes cached content. This functionality is taken by this plugin.
When content is changed plugin purges only files previously served to CloudFlare. It saves resources and time. You can choose which files are purged on defined events.

WordPress SuperSonic with CloudFlare integrates WordPress with CloudFlare for more speed and security. With this plugin WordPress pages will load as fast as 100 miliseconds!

Major features

  • Cloudflare API v4
  • support form Cloudflare Flexible SSL
  • automatically purge changed pages from CloudFlare cache (posts, pages, custom post types and associates pages: categories, tags, date archives)
  • country information of commenter in comments
  • bruteforce protection by bannig IP address in CloudFlare
  • ban, with list, clear commenter IP address in CloudFlare from comments list
  • disable WordPress login by blocking selected countries
  • disable possibility to post WordPress comments by blocking selected countries
  • block WordPress XML-RPC for selected countries
  • displays CloudFlare statistics for domain
  • event logging

Example sites with SuperSonic plugin – check how fast they loading


  • CloudFlare configuration
  • Seaded
  • Tööriistad
  • Cache purge configuration
  • Security
  • Log
  • Statistika
  • Comment list


  1. Upload zip archive content to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Go to Administration area and choose SuperSonic from menu.
  4. Configure CloudFlare credintials.


Installation Instructions
  1. Upload zip archive content to the /wp-content/plugins/ directory
  2. Activate the plugin through the ‘Plugins’ menu in WordPress
  3. Go to Administration area and choose SuperSonic from menu.
  4. Configure CloudFlare credintials.
CloudFlare is required?

Yes. Without CloudFlare SuperSonic functions will not works.

Which Page Rules should You define in CloudFlare?

To properly working Supersonic requires at least 3 Page Rules in CloudFlare.

  1. URL pattern: /*.php*
    Custom caching: Bypass cache
  2. URL pattern: /*wp-admin*
    Custom caching: Bypass cache
  3. URL pattern: /*
    Custom caching: Cache everything
    Edge cache expire TTL: 1 week
    Browser cache expire TTL: 30 minutes

Rules order is very important!

How to configure Supersonic to serve non cached pages with Admin Bar for logged in users?

Supersonic serves front end pages as for non logged in users (except pages that are defined in options).
But for users with specified roles there is posibility to serve non cached pages. It is done by adding parameter (supersonic=wp-admin) to all frontend URLs.

CloudFlare should not cache pages with this parameter. There must be PageRule with Custom caching: Bypass cache.
If you have Page Rule with URL pattern /wp-admin/* or /wp-admin* siply change URL pattern to /*wp-admin*


20. jaan. 2017
The Cloudflare plugin gives me a blank screen on all of my sites. This plug in works, and does a great job. Many thanks!
12. nov. 2016
Does exactly what I was looking for in terms of brute force protection!
3. sept. 2016 1 reply
At the beginning I was stoke about performance. But guess what … this plugin does not speed up your website. Those are the rules in the CloudFlare. Dev-mode simply does not refresh as it should – you click dev-mode on and it won’t stay when you browse pages, you click def-mode off it simply does not do anything. Also Purging rarely works (manual or automatic). After I came back from holiday posts were posted as scheduled but not displayed! Cloudflare cached website was loaded. Only after manual purge in cloud flare those post appeared on the website. Trust me you are better off going directly to cloud flare and toggle those options when needed. And the worst of the problems with this plugin is “supersonic=wp-admin”!!!!!! Whoever use this plugin BE AWARE every time you are trying to insert link or update the link this piece of shi… code will be either somehow embed in your url or at the end of it. So e.g. you might have problems with creating new page or post. This code might be generated directly in your url and you have to manually remove it. I triple check every link on my post or page. And guess what, i already found some of indexed pages by different search engines WITH THIS “supersonic=wp-admin” !!!!!!! It will look like e.g. Do not install this plugin.
3. sept. 2016
Pretty good plugin. Though what is missing – Dev mode on/off switch. – Quick “clear cache” button. May be, just may be placing sats graphs on the plugin settings main page (after it configured). But dev mode switch is sourly missing – thats why I have to keep both Cloudflare plugin and SUpersonic.
3. sept. 2016
I use a CF page rule to cache all content on some of my websites, so this plugin is very useful to automatically flush cache when new content is published or new comments are approved. Oh, and cache can be flushed using wp-cron! 😀 Thanks for creating and maintaining this plugin. 🙂
3. sept. 2016
this plugin does make my site much faster. but it causes major issues with my dashboard and toolbar. i tried all the instructions more than three times — it is too unclear and confusing. it just doesnt work while still letting you control the site logged-in to wp site.
Read all 10 reviews

Contributors & Developers

“WordPress SuperSonic with CloudFlare” is open source software. The following people have contributed to this plugin.




  • Added feature to disable “Do not logout” functionality in wp_head – this feature should fix social sharing plugins problems
  • Added actions and shortcodes to disable/enable “Do not logout” functionality in URLs when needed.


<?php do_action( 'wpss_disable_supersonic_url' ); ?> // disables "Do not logout"
<?php do_action( 'wpss_enable_supersonic_url' ); ?> // enables "Do not logout"


[disable_supersonic_url] <!-- disables "Do not logout" ->
[enable_supersonic_url] <!-- enables "Do not logout" ->
  • Added feature to remove supersonic=wp-admin parameter when “Do not logout” functionality is enabled – little trick in JavaScript 😉


  • Few notices fixed


  • New functionality in do not logout special parameter ?supersonic=wp-admin. In wp-admin area only home page link in admin bar is changed. It should fix all problems with social shares, xml sitemaps and others.


  • New actions related to comments – new tab in Configuration page Comments
  • Comments spammers IPs now can be banned on chellenged (CAPTCHA pagae) – works with other plugins like Aksmet
  • Fixed notice:


  • Bruteforce protection: added action type when blocking IP – ban IP or Cloudflare challenge page
  • Bruteforce protection: added action scope – zone or all zones from user account
  • Fixed notice:


  • Changed http:// to https:// in images linked in Documentation tab


  • Support for Cloudflare Flexible SSL


  • Moved to ClouFlare API v4
  • Fixed warnings in security section
  • Faster purging URLs from cache – 30 URLs per request (API v 4)


  • Respect settings for admin email on bruteforce protection


  • Added option for robots.txt (Options Tab)
  • Added option for HTTP headers (Options Tab)


  • Added action action hook wpss_update_post – for programmers


  • Fixed bug in CF settings tab


  • Fixed “Do you really want to log out?”


  • Fixed notices


  • Added Supersonic to Admin Bar
  • Added option to enable/disable CloudFlare development mode


  • Optimizations in purging with wp-cron


  • Fixed PHP notices


  • Fixed bug in purging function for Comments/Additional pages


  • Optimizations in wp-cron scheduling
  • Optimizations in comments – purging is depended on comment status


  • Fixed notices in debug mode


  • Fixed Admin Bar visibility for logged-in users
  • Fixed bug in deleting comments


  • Fixed bug in purge procedure


  • Fixed ban/whitelist/nul IP from CF Tools tab


  • Changed functionality in CF Settings tab – removed button Test Cloudflare Connection, changed functionality of Update Settings button, now it also tests CloudFlare connection (see screenshots)
  • fixed warning in comment editor
  • added link to CloudFlare Firewall in CF Tools tab


  • Another fix in home page purging
  • Fixes for other probles from support forums


  • Added triling slash for home page on cache purging


  • Few optimizations in collecting URLs to clear


  • Optimizations in collecting URLs to clear
  • Bug fixed in home page identyfication


  • Optimization in “Additional URLs to clear”


  • Added dirname(FILE) in include_once


  • Fixed Call to undefined function is_user_logged_in


  • Added configuration option for start purging CloudFlare cache without waiting for wp-cron (in Options tab)
  • Added functionality to serve non cached pages for logged in users with specified role(s), this functionality is bit tricky – see FAQ


  • Short opening tags (<?) changed to PHP opening tags (<?php)


  • Added support for post preview


  • Initiate first purge immediately without cron


  • WordPress 4.2 compatibility


  • New log message for purge error in wp-cron
  • Admin message in SuperSonic screen with pages count to purge from cache


  • Fixed not working bulk delete in Log


  • Fixed bug in “List of URLs to purge”


  • Tabs renamed


  • Added zone to CloudFlare connection test
  • Cosmetic changes in statistics


  • Fixed bug in configuration form


  • Initial version