If you’re not using Origin Shielding, you’ll want to use the installation instructions on the WordPress Plugin Directory, or the GitHub Repo.

However, if you want to use Origin Shielding with your WordPress site, you’ll need to use custom VCL to add the logic from our WordPress plugin. You’ll do this instead of following the normal installation steps.

Note: If you don't have custom VCL enabled, email support@fastly.com. Also, be sure to read these docs on uploading custom VCL:

• Uploading custom VCL
• Mixing and matching Fastly VCL with custom VCL

To use Origin Shielding with your WordPress site, add the following in vcl_recv to your custom VCL file.

sub vcl_recv {
  #Wordpress plugin logic
  if (req.url ~ "^/") {

# Possibly use this in the future...
set req.http.X-Forwarded-For = client.ip;

## always cache these images & static assets
if (req.request == "GET" && req.url ~ "\.(css|js|gif|jpg|jpeg|bmp|png|ico|img|tga|wmf)$") {
 remove req.http.cookie;
 return(lookup);
}

if (req.request == "GET" && req.url ~ "(xmlrpc.php|wlmanifest.xml)") {
 remove req.http.cookie;
 return(lookup);
}

# Never cache POST requests
if (req.request == "POST") {
 return(pass);
}

### do not cache these files:
## never cache the admin pages, or the server-status page
if (req.request == "GET" && (req.url ~ "(wp-admin|bb-admin|server-status)")) {
 return(pass);
}

# DO cache this ajax request
if (req.http.X-Requested-With == "XMLHttpRequest" && req.url ~ "recent_reviews") {
 return (lookup);
}

# Do not cache ajax requests
if (req.http.X-Requested-With == "XMLHttpRequest" ||
   req.url ~ "nocache" ||
   req.url ~ "(control.php|wp-comments-post.php|wp-login.php|bb-login.php|bb-reset-password.php|register.php)") {
 return (pass);
}

if (req.http.Cookie && req.http.Cookie ~ "wordpress_") {
 set req.http.Cookie = regsuball(req.http.Cookie, "wordpress_test_cookie=", "; wpjunk=");
}

### do not cache authenticated sessions
if (req.http.Cookie && req.http.Cookie ~ "(wordpress_|PHPSESSID)") {
 return(pass);
}

if (req.request == "GET" && req.http.Content-Type ~ "text/html") {
  remove req.http.cookie;
  return(lookup);
}

### parse accept encoding rulesets to make it look nice
if (req.http.Accept-Encoding) {
 if (req.http.Accept-Encoding ~ "gzip") {
   set req.http.Accept-Encoding = "gzip";
 } elsif (req.http.Accept-Encoding ~ "deflate") {
   set req.http.Accept-Encoding = "deflate";
 } else {
   # unknown algorithm
   remove req.http.Accept-Encoding;
 }
}

if (req.http.Cookie) {
 set req.http.Cookie = ";" req.http.Cookie;
 set req.http.Cookie = regsuball(req.http.Cookie, "; +", ";");
 set req.http.Cookie = regsuball(req.http.Cookie, ";(vendor_region|PHPSESSID|themetype2)=", "; \1=");
 set req.http.Cookie = regsuball(req.http.Cookie, ";[^ ][^;]*", "");
 set req.http.Cookie = regsuball(req.http.Cookie, "^[; ]+|[; ]+$", "");

 if (req.http.Cookie == "") {
   remove req.http.Cookie;
 }
}


}

FASTLY recv

Keep in mind:

• You don’t need the WordPress plugin enabled for your account to set this up, but you do need custom VCL enabled.
• You’ll need to include the rest of the Fastly Boilerplate in your custom VCL file.