Fix: Logged-in & logged-out users seeing the same cached content (LiteSpeed / LSCache) Print

If your WordPress site is hosted on our cPanel servers with LiteSpeed, some pages may be cached at the server level. For account, login, subscription, and checkout pages, server-side page caching can cause the wrong content to appear (e.g. showing a “logged in” state after a user has logged out).

This article explains how to confirm whether full-page caching is enabled at the server level, exclude sensitive URLs from caching, and purge the cache so changes take effect immediately.

Why this happens

WordPress caching plugins (such as WP Rocket) can exclude pages from plugin-level caching, but they do not always control LiteSpeed’s server-level full-page cache (LSCache). If LSCache serves cached HTML for account-related pages, users may see incorrect or user-specific content.

Pages that should never be cached

As a general rule, pages displaying user-specific content should be excluded from all full-page caching, including:

• Login pages
• Account / dashboard pages
• Checkout / cart pages
• Subscription management pages
• Purchase confirmation / receipt pages

Step 1: Confirm whether server-level full-page caching is enabled

To confirm whether LiteSpeed server caching is active:

• Check the LiteSpeed Cache plugin (WordPress Admin):
  Go to LiteSpeed Cache → Cache → Cache. If Enable Cache is ON, LSCache is active.
• Check response headers (advanced):
  Open one of the affected pages and inspect the response headers in your browser developer tools. If you see headers such as x-litespeed-cache: hit, that indicates LSCache is serving cached content.
• cPanel (if available):
  Some servers include a LiteSpeed Web Cache Manager interface in cPanel where cache status and purge options are visible.

Step 2: Disable caching for logged-in users (recommended)

For sites with client accounts, eCommerce, or subscriptions, caching logged-in users is not recommended.

1. Log in to WordPress Admin
2. Go to LiteSpeed Cache → Cache → Cache
3. Set Cache Logged-in Users to OFF
4. Save Changes

This reduces the chance of user-specific pages being cached and shown to other visitors.

Step 3: Exclude specific URLs from LiteSpeed (server) cache

If you have been asked to exclude specific account-related URLs, add them to LiteSpeed’s “Do Not Cache” rules. Example paths commonly excluded include:

• /client-login/
• /subscriptions/
• /checkout/
• /purchase-confirmation/
• /wp-login.php (and related login endpoints)
• /my-account (including subpaths)

Option A (preferred): Exclude within the LiteSpeed Cache plugin

1. Log in to WordPress Admin
2. Go to LiteSpeed Cache → Cache → Excludes
3. Under Do Not Cache URIs, add each path on a new line, for example:

   /client-login/
   /subscriptions/
   /checkout/
   /purchase-confirmation/
   /my-account
   /wp-login.php
       

4. Save Changes

Tip: In most cases, adding /my-account will cover /my-account/* style URLs (subpages/endpoints).

Option B (advanced): Enforce exclusions at the webserver level

If required, exclusions can be enforced at the server level using LiteSpeed directives in the site’s .htaccess. This should only be done by an administrator who understands the server configuration.

<IfModule LiteSpeed>
  CacheDisable public /client-login/
  CacheDisable public /subscriptions/
  CacheDisable public /checkout/
  CacheDisable public /purchase-confirmation/
  CacheDisable public /my-account
  CacheDisable public /wp-login.php
</IfModule>

This ensures LiteSpeed will not serve cached HTML for those paths even if WordPress settings change.

Step 4: Exclude common eCommerce cookies (recommended for cart/checkout sites)

Many eCommerce plugins set cookies for cart and checkout state. Excluding these cookies from cache can prevent cached pages from being served when a cart or logged-in session is detected.

1. Go to LiteSpeed Cache → Cache → Excludes
2. Add relevant cookies under Do Not Cache Cookies (examples may vary per plugin)
3. Save Changes

If you are using Easy Digital Downloads (EDD), common cookies may include cart/session-related cookies. If you are unsure which cookies apply, we can help identify them from your site’s browser cookie list.

Step 5: Purge the server cache after applying changes

After applying exclusions, you must purge the server cache so old cached HTML is removed immediately.

• From WordPress: LiteSpeed Cache → Toolbox → Purge → Purge All
• From cPanel (if available): Use LiteSpeed Web Cache Manager and select Purge/Flush

If your site uses a CDN (including QUIC.cloud), the CDN cache may also need to be purged to avoid serving stale content.

How to verify the fix

1. Open an incognito/private window and load the login/account page
2. Log in, view the account page, then log out
3. Open a new incognito/private window and load the same page
4. Confirm it shows the correct logged-out state

For advanced verification, check response headers again and confirm excluded pages are not returning cache “hit” headers.

Need help?

If you continue to see incorrect content, please send us:

• The affected URLs
• A screenshot of the issue
• Any response headers you can see (especially x-litespeed-cache)
• Whether a CDN is enabled (e.g. Cloudflare / QUIC.cloud)

We can then confirm which caching layer is responsible and apply the correct exclusions.