StaticForge for Cloudflare Pages

StaticForge for Cloudflare Pages turns your WordPress site into a static site that lives on Cloudflare Pages, automatically. On every publish or update of any selected post type, the plugin renders your whole site to static HTML, injects a complete SEO metadata baseline (when no other SEO plugin is present), inlines all linked CSS so pages are self-contained, mirrors your sitemap structure, ships an editable robots.txt, and pushes everything to Cloudflare Pages via the Direct Upload API.

The WordPress install (your “dashboard”) becomes the editor only. Public visitors hit the static deployment on Cloudflare’s edge — fast, free, and resilient.

Key features

• Whole-site export — homepage, posts, pages, custom post types, taxonomy archives, author archives.
• Theme-independent — works with any theme. Renders pages exactly as a real visitor would see them.
• Inlined CSS — all <link rel="stylesheet"> tags are fetched and embedded as <style> blocks. Each deployed page is fully self-contained.
• Featured image LCP boost — auto-adds fetchpriority="high", loading="eager", decoding="async" to the post’s featured image so the browser prioritises it as the LCP candidate. Improves Core Web Vitals on every theme that uses the_post_thumbnail() or get_the_post_thumbnail().
• Built-in SEO metadata injection — when no other SEO plugin is detected, automatically emits a full baseline:
  • <meta description> — smart fallback chain (excerpt → trimmed content → user bio → term description → site tagline).
  • <meta robots> with index, follow, max-image-preview:large and friends.
  • <link rel="canonical">.
  • Open Graph: og:type, og:title, og:description, og:url, og:site_name, og:locale, og:image with dimensions and alt; article:published_time, article:modified_time, article:author, article:section, article:tag on posts; profile:first_name, profile:last_name, profile:username on author pages.
  • Twitter Card — summary_large_image when an image is available, otherwise summary; title, description, image, creator.
• Rich JSON-LD schemas — auto-emitted in <head>:
  • WebSite + SearchAction, Organization on every page.
  • Article with linked author Person, publisher Organization, image, dates, articleSection, keywords on single posts.
  • WebPage with primaryImageOfPage on pages and custom post types.
  • Person + ProfilePage schema on author archives — display name, URL, bio, avatar ImageObject (256×256), sameAs social links pulled from user_url and Twitter/Facebook/LinkedIn/Instagram/YouTube/GitHub user meta.
  • CollectionPage for taxonomy and term archives.
  • BreadcrumbList on all singulars and archives.
  • Auto-detected FAQPage — extracts Q/A pairs from Yoast / Rank Math / SEOPress FAQ blocks, OR native HTML5 <details><summary> markup.
  • Auto-detected HowTo — extracts steps from Yoast / Rank Math HowTo blocks, OR posts whose title starts with “How to” + has an ordered list with 3+ items.
• Two-tier dedup safety — auto-disables to avoid duplicates:
  • General SEO plugins (skip ALL our injection): Yoast, Rank Math, All in One SEO Pack (v4+ & legacy), SEOPress, The SEO Framework, Slim SEO, Squirrly, SmartCrawl, WP Meta SEO.
  • Schema-only plugins (skip ONLY our JSON-LD; meta + og still emit): Schema & Structured Data for WP & AMP (saswp by Magazine3), Schema Pro by Brainstorm Force, WPSSO Core, Schema (by Hesham), Schema App, and Magazine3 Schema variants.
  • Override via setting or filters (sforge_seo_competing_plugin, sforge_schema_competing_plugin).
• Sitemap mirroring + fallback generation — discovers /sitemap.xml, /sitemap_index.xml, /wp-sitemap.xml, follows index files, fetches child sitemaps, handles CDATA-wrapped <loc> entries, rewrites origin URLs to your live domain (including protocol-relative //host variants), and strips <?xml-stylesheet ... ?> directives so the dashboard host doesn’t leak into browser-rendered sitemap views. Bundles them all in the deploy. When the origin exposes no sitemap (no SEO plugin, WP core sitemap disabled, sub-directory install with non-standard paths, etc.), the plugin builds a standards-compliant <urlset> sitemap.xml itself from the crawled URL list — with <lastmod> resolved from get_post_modified_time(), <changefreq>weekly</changefreq>, and <priority> (1.0 home / 0.7 elsewhere). Live site always ships a sitemap.
• Granular sitemap generator settings — when the fallback runs, you control exactly what gets listed: per-public-post-type checkboxes, include/exclude homepage, taxonomy archives, author archives, and an option to split the output into a <sitemapindex> referencing per-type sub-sitemaps (sitemap-post.xml, sitemap-page.xml, sitemap-authors.xml, sitemap-taxonomy-category.xml, etc.) for cleaner Search Console submission. Independent of Export Scope. Filter sforge_sitemap_groups to mutate the URL list.
• Editable robots.txt for the live site with auto-managed Sitemap: line — leave blank to auto-generate, or paste your own Allow: / Disallow: rules. Any Sitemap: directive you type is stripped and replaced with the URL of the actually-deployed sitemap (sitemap.xml / sitemap_index.xml / wp-sitemap.xml / etc.) so robots.txt never points at a dead URL. Independent of the dashboard’s own robots.txt.
• Dashboard auto-noindex on activation (social-aware) — when the plugin activates it locks the WordPress install out of search engines (so editors only ever appear via the static deployment). Social/messaging/preview scrapers (Facebook, LinkedIn, Twitter/X, Pinterest, WhatsApp, Slack, Discord, Telegram, Applebot, Reddit, Tumblr, Mastodon, Bluesky, iframely, Embedly) are explicitly allowed /wp-content/uploads/ so og:image previews and oEmbed thumbnails still resolve when a post is shared. Four enforcement layers, all bypassed when the plugin’s own renderer fetches a page (detected via X-SFORGE-Export header), and additionally bypassed for social-scraper user agents and /wp-content/uploads/ requests:
  1. Physical robots.txt at webroot with Disallow: / (any existing file is backed up to robots.txt.sforge-backup and restored on deactivation).
  2. robots_txt WordPress filter for the dynamic fallback.
  3. wp_robots filter adding noindex,nofollow to the meta robots tag.
  4. send_headers action emitting X-Robots-Tag: noindex, nofollow, noarchive, nosnippet HTTP header on every response.
     Toggle via the Block dashboard from search engines setting (default on); flipping the toggle applies/restores the physical robots.txt instantly.
• Defensive noindex stripping — removes noindex / nofollow / noarchive directives from rendered HTML before deploy, so your live site stays indexable even if the source dashboard is locked down.
• Auto-deploy on publish/update — debounced (default 120s) so rapid edit clusters collapse into one deploy.
• Cloudflare Pages Direct Upload — no Git integration required. Uses the official content-addressable upload API: only changed assets are re-uploaded across deploys.
• Live progress UI — activity log auto-refreshes every 4 seconds with batch-by-batch upload progress, render percentages, and a status pill (Idle / Queued / Working).
• Setup Guide built in — full walk-through for Cloudflare Pages project creation, API token setup, and plugin configuration, all inside WP admin.

How it works

1. On publish/update, plugin queues a full-site rebuild via wp_schedule_single_event.
2. Crawler builds URL list (homepage + all published posts/pages of selected types + taxonomy term archives + author archives).
3. SEO injector hooks into wp_head and emits meta + JSON-LD for the rendering page (skipped if another SEO plugin is active).
4. Renderer fetches each URL via wp_remote_get, inlines CSS, rewrites origin URLs to your live domain, strips defensive noindex meta and admin-bar artefacts.
5. SEO module discovers and mirrors /sitemap.xml, /sitemap_index.xml, /wp-sitemap.xml and any child sitemaps; if none found, auto-generates sitemap.xml from the crawled URL list. Emits the configured robots.txt.
6. Deployer hashes each file, asks Cloudflare which assets are new, uploads only the new ones in batches (100 files / 25 MiB each), then creates a deployment via multipart/form-data.
7. Result: a new Cloudflare Pages deployment URL, logged with a clickable link.

What is NOT bundled

By default, files under /wp-content/uploads/, theme assets, plugin assets, and fonts under /wp-content/ are kept pointing at your WordPress origin so they keep working without re-uploading multi-gigabyte media folders. Make sure your origin is reachable over HTTPS (proxy through Cloudflare if your origin’s SSL cert is fragile).

If your origin can’t be reached from Cloudflare (shared hosting firewall, IP allow-list, no proxy option), enable Export Scope → Bundle /wp-content/uploads/ into deploy. The plugin then fetches every uploads URL referenced in the rendered HTML and ships those files inside the CF Pages deploy itself — no origin dependency at runtime. Theme/plugin assets still load from origin. See the Bundle /wp-content/uploads/ (recommended for shared hosting) section below.

Why this plugin

• Simpler scope — Cloudflare Pages only, Direct Upload only.
• Built-in setup walkthrough, no docs hunting.
• Live progress UI with granular per-batch logging.
• Free tier compatible — no build minutes consumed.
• SEO baseline included — no extra plugin needed for tags + JSON-LD.
• No external dependencies, no SaaS, no premium tier.

External services

This plugin connects to the Cloudflare Pages API (https://api.cloudflare.com/client/v4) to deploy your exported static site. This is required core functionality — without it the plugin cannot upload your site to Cloudflare.

What the service is and what it is used for:
Cloudflare Pages is a static site hosting platform operated by Cloudflare, Inc. The plugin uses the Cloudflare Pages Direct Upload API to publish your statically rendered WordPress site to a Cloudflare Pages project that you create and own.

What data is sent, and when:
The plugin contacts the Cloudflare Pages API on these occasions:

• When you click Test Connection in the plugin settings. Sent: your Cloudflare API token (in the Authorization header), your Account ID, and your Pages project slug. Used to verify the project exists and the token has access.
• When you click Rebuild + Deploy Now, or after any post/page/CPT publish/update if Auto-deploy is enabled (debounced). The plugin: (1) requests a short-lived upload JWT from /pages/projects/{project}/upload-token; (2) sends a list of SHA-256 hashes of the files in the export to /pages/assets/check-missing to find which files Cloudflare does not already have; (3) uploads only the missing assets (HTML, CSS, JS, images, sitemap.xml, robots.txt) to /pages/assets/upload; (4) POSTs a final deployment manifest + branch name to /pages/projects/{project}/deployments. All requests include your API token in the Authorization: Bearer header.

What is NOT sent: the plugin never sends WordPress database credentials, user passwords, post drafts, private content, settings beyond the four Cloudflare credentials, or any analytics/telemetry beacons. Only the rendered public HTML/CSS/JS/asset files that already make up your site are uploaded — the same content visitors would see.

Cloudflare Pages service links:

• Cloudflare Pages product page: https://pages.cloudflare.com/
• Cloudflare API documentation: https://developers.cloudflare.com/api/
• Cloudflare Terms of Service: https://www.cloudflare.com/website-terms/
• Cloudflare Self-Service Subscription Agreement (covers Workers & Pages): https://www.cloudflare.com/terms/
• Cloudflare Privacy Policy: https://www.cloudflare.com/privacypolicy/

You retain full ownership and control of your Cloudflare account, Pages project, API token, and deployed content. To stop using the service, revoke the API token in your Cloudflare dashboard and deactivate the plugin.

About

Built by Gunjan Jaswal. Bug reports, feedback: hello@gunjanjaswal.me.