Accessing WordPress wp-admin without logging in

The title might be a bit misleading. I don’t want to show you how it’s done, but rather how to fix it if it’s already happening.

I started noticing something strange happening with my blog. If I’m logged in on my PC, and I access wp-admin on my mobile phone, I am logged straight into wp-admin without having to authenticate myself. That’s a big problem.

I spent what felt like hours debugging this issue, switching W3TC off, but still it felt like some sort of caching issue. I run my DNS through CloudFlare and found that when I switch CloudFlare into development mode, the problem goes away.

I had a look at my CloudFlare Page Rules and found that I needed to do the following :

Browser Cache TTL: a day, Cache Level: Cache Everything, Edge Cache TTL: a month
Security Level: High, Cache Level: Bypass, Disable Apps, Disable Performance

The second page rule is the one you need to have, to tell CloudFlare to not cache the wp-admin.

That solved my problem.