Skip to content

WP Engine

Cloudflare partners with WP Engine to provide WP Engine customers’ websites with Cloudflare’s performance and security benefits.

If you use WP Engine and also have a Cloudflare plan, you can use your own Cloudflare zone to proxy web traffic to your zone first, then WP Engine's (the SaaS Provider) zone second. This configuration option is called Orange-to-Orange (O2O).

Benefits

O2O's benefits include applying your own Cloudflare zone's services and settings - such as WAF, Bot Management, Waiting Room, and more - on the traffic destined for your WP Engine environment.

How it works

For more details about how O2O is different than other Cloudflare setups, refer to How O2O works.

Enable

WP Engine customers can enable O2O on any Cloudflare zone plan.

To enable O2O for a specific hostname within a Cloudflare zone, create a Proxied CNAME DNS record with a target of one of the following WP Engine CNAMEs. Which WP Engine CNAME is used will depend on your current WP Engine network type.

TypeNameTargetProxy status
CNAME<YOUR_HOSTNAME>wp.wpewaf.com (Global Edge Security)
or
wp.wpenginepowered.com (Advanced Network)
Proxied

Product compatibility

When a hostname within your Cloudflare zone has O2O enabled, you assume additional responsibility for the traffic on that hostname because you can now configure various Cloudflare products to affect that traffic. Some of the Cloudflare products compatible with O2O are:

For a full list of compatible products and potential limitations, refer to Product compatibility.

Additional support

If you are a WP Engine customer and have set up your own Cloudflare zone with O2O enabled on specific hostnames, contact your Cloudflare Account Team or Cloudflare Support for help resolving issues in your own zone.

Cloudflare will turn to WP Engine if there are technical issues that Cloudflare cannot resolve.

Resolving SSL errors

If you encounter SSL errors, check if you have a CAA record.

If you do have a CAA record, check that it permits SSL certificates to be issued by digicert.com and letsencrypt.org.

For more details, refer to CAA records.