Projects in Olive HillProjects in Olive HillAcross a portfolio of WordPress sites with restrictive admin policies — read-only WPCode, KSES filtering on inline scripts, role-capped Custom Code, Cloudflare WAF rules blocking admin script POSTs — the solution was to stop fighting the CMS and solve the problem at the edge instead.
GTM injection via Cloudflare Snippets:
When WordPress refuses tracking scripts through (KSES strips them, WPCode is read-only, Custom Code blocks <script> tags), edge-injecting GTM via HTMLRewriter on the Snippets free tier bypasses the CMS entirely. Tracking lives at the edge, gets purged at the edge, never touches the database.
HTTP Link preload via Transform Rules:
When the theme or WPCode path is blocked but LCP depends on a preloaded font or hero image, a Cloudflare Response Header Transform Rule injects the Link: </font.woff2>; rel=preload; as=font header at the edge — no plugin, no theme edit.
Targeted WAF skip rules:
Narrow /wp-admin/* skip rules that allow legitimate script-tag POSTs through without disabling the WAF site-wide.
Stack at a glance:
Edge: Cloudflare Snippets · Transform Rules · WAF · Cache Rules
API: HTMLRewriter
Target: WordPress (locked-down installs)
Overhead: Zero plugins · zero CMS modifications · fully reversible
Skills: Cloudflare · Edge Computing · WordPress · Performance Optimization · Web Development 
