WordPress Plugins
GuardPress ForgeCache SiteVault SiteVault Lite SEObolt Royal Links Royal Affiliates FormForge Royal MCP Royal SMTP RoyalComply Royal Access Royal Ledger
Free Tools
SERP Preview Schema Validator Meta Tag Checker SSL Checker HTTP Headers Site Scanner Plugin Scanner Royal Links (Chrome) Royal Access (Chrome)
Pricing Blog Case Studies Switch to Royal Plugin Graveyard Support My Account Cart
Support / ForgeCache / Connecting Cloudflare

Connecting Cloudflare to ForgeCache

ForgeCache 2.1.18 added a real Cloudflare integration: a scoped API token plus your Zone ID, pasted once, and ForgeCache will automatically purge your Cloudflare edge cache every time WordPress clears its own cache — post updates, plugin / theme changes, manual purges, all of it. This walkthrough is the complete first-time setup: create the right kind of token in Cloudflare, find your Zone ID, paste both into ForgeCache, test the connection, and enable auto-purge.

Requires ForgeCache 2.1.18 or newer

The native Cloudflare API integration ships in ForgeCache 2.1.18 (released 2026-05-29). Earlier versions had a generic CDN URL rewriter only — no API integration, no auto-purge. If you’re on an older version, update from WP Admin → Plugins first.

What This Walkthrough Covers

Five short steps, about 5–10 minutes start to finish:

  1. Create a scoped API token in Cloudflare — one permission (Cache Purge), one zone (your domain).
  2. Find your Zone ID on the Cloudflare overview page.
  3. Paste both into ForgeCache at Settings → Advanced → CDN Integration.
  4. Click Test connection to confirm the token works.
  5. Enable Auto-Purge so ForgeCache fires a Cloudflare purge on every cache-clear event.
Why a scoped token, not the Global API Key

Cloudflare’s old Global API Key has full account permissions — it can change DNS, transfer your zone away, edit billing. Storing that in WordPress is a security risk. The scoped API token below is restricted to a single permission (Cache Purge) on a single zone — the absolute minimum ForgeCache needs to do its job. Even if your WordPress site were compromised, an attacker with the token could only purge cache. Always use scoped tokens for plugin integrations.

Step 1 — Create a Scoped API Token in Cloudflare

Cloudflare API tokens are created from your user profile, not from any specific zone’s dashboard. Sign in to Cloudflare first, then follow the steps below. (Cloudflare redesigned this surface in 2026 — the screens below match the current UI as of mid-2026; if your Cloudflare looks slightly different, the same fields will still be there, just possibly in a different layout.)

Open the API Tokens page

Sign in to dash.cloudflare.com/profile/api-tokens directly — or from any Cloudflare page, click your profile icon in the top-right and choose API Tokens.

Click “Create Token” (top-right)

You land on the token-creation page. It’s now a single scrolling form — Token name, Permission policies, Token expiration, Client IP filtering — all stacked, no separate template gallery.

Name the token

Cloudflare auto-generates a fun name like frosty-violet-e0a5. Rename it to something you’ll recognize later, e.g. ForgeCache — example.com. Future you, six months from now, will appreciate knowing which plugin on which site uses this token.

Scope the policy to a Specific zone

In the Permission policies section, an Edit policy panel is open. At the top of that panel is a scope dropdown that defaults to Entire Account. Click it and switch to Specific zone, then pick your domain from the next dropdown.

This step matters — the available permissions depend on it

Cache Purge is a zone-level permission. If you leave the scope on Entire Account, the only permissions shown are account-level ones (SSL certificates, billing, etc.) — you won’t find Cache Purge anywhere. Switching to Specific zone first is what reveals it.

Add the Cache Purge permission

Below the scope dropdown is a search field and a list of permission groups (Developer Platform, AI & Machine Learning, DNS & Zones, etc.). Find the Cache & Performance group and expand it — or just type cache into the search to filter the list.

Inside Cache & Performance you’ll see a row labeled Cache with the description “Grants access to purge cache.” Tick that row, and from its dropdown choose Purge. That’s the only permission ForgeCache needs — do not add anything else, no matter how tempting.

Token expiration — pick “No expiration” (or set a rotation schedule)

The Token expiration section has chips: No expiration, 7 days, 30 days, 90 days, 1 year, Custom. For a long-lived plugin integration, No expiration is the lowest-friction choice. If your security policy requires rotation, pick a duration you’ll actually remember to renew before it expires — an expired token silently stops working and your CDN cache will go stale.

Leave Client IP address filtering empty

ForgeCache calls Cloudflare from your WordPress server, which may have a dynamic IP if you’re on shared hosting. Locking by IP would break the token every time your host’s NAT changes. Leave the IP filter empty.

Click “Review token”

Bottom-right button. The next screen recaps your choices: one permission (Cache: Purge), one zone, no IP filter, expiration you picked. If it matches, click Create Token.

Copy the token immediately

Cloudflare shows the token exactly once. Click Copy right now. If you close the page without copying, you’ll have to delete this token and create a new one — Cloudflare won’t show it to you again.

Treat the token like a password

Anyone who gets this token can purge your edge cache repeatedly. Don’t paste it into Slack, email, or anywhere it might be logged. The only place it should ever go is the ForgeCache settings field in step 3 below.

Step 2 — Find Your Zone ID

Your Zone ID is a 32-character hex string that identifies your domain to the Cloudflare API. It’s on the main overview page for your site — no need to dig.

Open the Cloudflare dashboard for your site

From dash.cloudflare.com, click your domain in the sites list. You’ll land on the Overview page for that zone.

Scroll to the right-hand “API” sidebar

On the right side of the Overview page (or further down on mobile), there’s a panel labeled API with two fields: Zone ID and Account ID. The one you want is Zone ID — the top one.

Click the Zone ID to copy it

Cloudflare reveals the full string and offers a Click to copy button. Click it. You should now have the 32-character ID on your clipboard, something like 0123456789abcdef0123456789abcdef (yours will be different).

Zone ID vs Account ID — don’t mix them up

The Account ID is a different hex string used for account-level API calls (like reading your billing plan). ForgeCache needs the Zone ID specifically, because zone purges are scoped to one zone. If you paste the Account ID by mistake, ForgeCache’s Test connection in step 4 will report Zone not found — clear feedback that you’ve got the wrong ID.

Step 3 — Paste Both Into ForgeCache

You’ve got two values on your clipboard (or in a temp note): the scoped API token and the Zone ID. Now into WordPress.

Open ForgeCache → Settings → Advanced

In WP Admin, go to ForgeCache → Settings and click the Advanced tab. The first section is CDN Integration.

Enable CDN Integration and choose Cloudflare

Tick Enable CDN Integration, then under Provider choose Cloudflare. A credential panel appears below with two fields: API Token and Zone ID.

Paste both values

Paste your scoped API token into the API Token field, and your 32-character Zone ID into the Zone ID field. Both values save to the WordPress options table. The API Token field is rendered as a password input so the browser masks it on screen, but treat the saved value the same as any other credential — only WordPress admins should have access to this settings page.

Click Save Changes

Hit Save Changes at the bottom of the page. ForgeCache stores the credentials. Don’t skip this — the Test Connection button in the next step reads from saved settings.

Step 4 — Test the Connection

After saving, the Test connection button under the credential fields makes a tiny request to the Cloudflare API to confirm your token works and your Zone ID matches.

Click Test connection

A status message appears next to the button. The expected result is a green “Connection to Cloudflare succeeded.” If you see that, you’re done with setup — jump to step 5 to enable auto-purge.

If Test connection fails — common errors and fixes

ForgeCache message What it means Fix
“Cloudflare API token is empty.” You haven’t pasted a token yet, or you cleared the field by mistake. Re-paste the token from step 1 and click Save Changes before testing again.
“Cloudflare Zone ID is empty.” Token is present but the Zone ID field is blank. Re-paste the Zone ID from step 2, save, retry.
“Cloudflare rejected the API token. Make sure the token has the ‘Zone → Cache Purge: Purge’ permission on this site’s zone.” Token reached Cloudflare and was rejected with 401/403 — either the token is wrong, revoked, or doesn’t have purge permission. Most often a copy/paste truncation — re-copy the token from the CF API Tokens page (re-roll it if you closed that screen). If a clean re-paste still fails, see the full Invalid API Token fix doc.
“Cloudflare returned 404 — Zone ID is wrong or the token doesn’t have access to this zone.” Token is valid but Cloudflare can’t find this Zone ID under it. You probably pasted the Account ID instead of the Zone ID — recheck step 2. Or the token was scoped to a different zone than the one you’re trying to manage.
“Cloudflare rate-limit hit (1,000 purge calls per zone per 24h). Wait or contact Cloudflare to raise.” You’ve burned through Cloudflare’s purge quota. Rare in normal use because ForgeCache deduplicates within each request. If you’re hitting this, you probably have automation publishing very rapidly. Wait for the 24h window to roll over, or open a Cloudflare support ticket to raise the limit on a paid plan.
“Cloudflare returned HTTP NNN…” Anything else — usually a network error or Cloudflare API outage. Note the HTTP code in parentheses; if it’s a 5xx, retry in a few minutes. If your host blocks outbound HTTPS to api.cloudflare.com, ask them to allow it.

Step 5 — Enable Auto-Purge

Auto-purge is what makes the Cloudflare integration actually useful in daily life. When enabled, ForgeCache fires a Cloudflare purge automatically every time WordPress clears its own cache — so your edge cache always reflects the latest version of your content.

Tick “Auto-purge CDN cache when ForgeCache clears its own”

It’s the checkbox directly below the credential panel. Tick it and click Save Changes.

Understand what auto-purge does

From this point forward, ForgeCache calls Cloudflare’s purge API whenever:

  • You publish or update a post / page (purges that URL + your homepage)
  • You click Clear All Cache in ForgeCache (purges your entire zone)
  • You switch themes (purges entire zone)
  • You manually click the Purge CDN cache now button in ForgeCache’s Advanced tab (purges entire zone)

All purges are deduplicated per request — if a bulk action clears 50 posts at once, ForgeCache sends one batched purge to Cloudflare, not 50 individual calls.

Cloudflare limits purges to 1,000 per zone per 24 hours

That’s plenty for any normal WordPress site — even an active news site editing 50 posts a day fires far fewer than 1,000 purges because of the per-request deduplication. The limit only matters if you have automation publishing hundreds of posts per hour. Paid Cloudflare plans have higher limits available on request.

Verify the Integration Is Working

Two quick ways to confirm everything is wired up:

Method 1: Manual purge button

In ForgeCache → Settings → Advanced → CDN Integration, click the Purge CDN cache now button. You should see a success notice; if you have a browser tab open at your site, refresh it — the Cloudflare cf-cache-status response header should be MISS on the next load (because the purge cleared the edge cache and your browser’s request rebuilds it from origin).

Method 2: Edit a post + check the timestamp

Open one of your published posts in the WordPress editor, make a tiny change (add a space, undo, save — trivial), and click Update. ForgeCache will fire a Cloudflare purge for that URL automatically. Refresh the post’s public URL; the page should reload, and Cloudflare’s cf-cache-status header should be MISS on the first request after your edit.

Where to see the cf-cache-status header

Browser DevTools → Network tab → click any request to your domain → Response Headers. Look for cf-cache-statusHIT means Cloudflare served from edge cache, MISS means it asked your origin server, DYNAMIC means Cloudflare decided not to cache that URL (typical for logged-in admin pages).

Day-to-Day — What to Expect

After the initial setup, you mostly don’t touch this. ForgeCache handles cache invalidation automatically. The only times you’ll come back to Settings → Advanced → CDN Integration are:

Still Stuck? Email Priority Support

If Test connection keeps failing after you’ve double-checked the token permissions and Zone ID, or if auto-purge isn’t firing on cache-clear events:

Email support@royalplugins.com with the diagnostic info below. Priority email support is included with your ForgeCache Pro license — typical response time is within 24 hours.

Information to include in your email

  • Your ForgeCache version (from WP Admin → Plugins). 2.1.18+ is required for the Cloudflare API integration.
  • Your WordPress version and PHP version (Tools → Site Health → Info).
  • The exact error message from the Test connection button.
  • Your hosting provider — some managed hosts block outbound HTTPS to specific endpoints, which can prevent the integration from reaching api.cloudflare.com.
  • Confirmation you used a scoped token with Zone → Cache Purge → Purge permission only — not the Global API Key, not a token with broader permissions.
  • Do NOT include the actual API token in your email. If our team needs to reproduce, we’ll send a secure-form link.
Related ForgeCache docs