diff --git a/provisioning/roles/varnish/files/etc-default-varnish b/provisioning/roles/varnish/files/etc-default-varnish
index e7b80ff..69523ec 100644
--- a/provisioning/roles/varnish/files/etc-default-varnish
+++ b/provisioning/roles/varnish/files/etc-default-varnish
@@ -38,7 +38,7 @@ VARNISH_STORAGE_SIZE=512M
 VARNISH_SECRET_FILE=/etc/varnish/secret
 
 # Backend storage specification
-VARNISH_STORAGE="malloc,${VARNISH_STORAGE_SIZE}"
+VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
 
 # Default TTL used when the backend does not specify one
 VARNISH_TTL=120
diff --git a/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl b/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
index b29a5e1..0769ad5 100644
--- a/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
+++ b/provisioning/roles/varnish/files/etc-varnish/conf.d/receive/wordpress.vcl
@@ -1,21 +1,20 @@
-# Pass all local or login/admin requests straight through
-if (req.http.Host ~ "^local\." || (req.url ~ "wp-(login|admin)")) {
+# Pass all login requests straight through
+if (req.url ~ "wp-login") {
     return (pass);
 }
-
-if (req.http.Cookie ~ "^wp-" || req.http.Cookie ~ "^wordpress_") {
-  return (pass);
+# Pipe all admin requests directly
+if (req.url ~ "wp-admin") {
+    return (pipe);
 }
 
-# Drop any cookies sent to Wordpress.
-if (!(req.url ~ "wp-(login|admin)")) {
-    unset req.http.Cookie;
+# Pass all requests containing a wp- or wordpress_ cookie
+# (meaning NO caching for logged in users)
+if (req.http.Cookie ~ "^([^;]+;\s*)*?(wp-|wordpress_)") {
+  return (pass);
 }
 
-# Anything else left?
-if (!req.http.Cookie) {
-    unset req.http.Cookie;
-}
+# Drop *all* cookies sent to Wordpress, if we've gotten this far
+unset req.http.Cookie;
 
 # Try a cache-lookup
 return (lookup);
diff --git a/provisioning/roles/varnish/files/etc-varnish/production.vcl b/provisioning/roles/varnish/files/etc-varnish/production.vcl
index 82a6d9a..a0b2a7b 100644
--- a/provisioning/roles/varnish/files/etc-varnish/production.vcl
+++ b/provisioning/roles/varnish/files/etc-varnish/production.vcl
@@ -94,28 +94,9 @@ sub vcl_recv {
     #
 
     # Some generic cookie manipulation, useful for all templates that follow
-    # Remove the "has_js" cookie
-    set req.http.Cookie = regsuball(req.http.Cookie, "has_js=[^;]+(; )?", "");
 
-    # Remove any Satallite cookies
-    set req.http.Cookie = regsuball(req.http.Cookie, "__gaid=[^;]+(; )?", "");
-    set req.http.Cookie = regsuball(req.http.Cookie, "_sdsat_[^=]+=[^;]+(; )?", "");
-
-    # Remove any Google Analytics based cookies
-    set req.http.Cookie = regsuball(req.http.Cookie, "__utm.=[^;]+(; )?", "");
-    set req.http.Cookie = regsuball(req.http.Cookie, "_ga=[^;]+(; )?", "");
-    set req.http.Cookie = regsuball(req.http.Cookie, "utmctr=[^;]+(; )?", "");
-    set req.http.Cookie = regsuball(req.http.Cookie, "utmcmd.=[^;]+(; )?", "");
-    set req.http.Cookie = regsuball(req.http.Cookie, "utmccn.=[^;]+(; )?", "");
-
-    # Remove any Cloudflare cookies
-    set req.http.Cookie = regsuball(req.http.Cookie, "__cfduid=[^;]+(; )?", "");
-
-    # Remove the Quant Capital cookies (added by some plugin, all __qca)
-    set req.http.Cookie = regsuball(req.http.Cookie, "__qc.=[^;]+(; )?", "");
-
-    # Remove the AddThis cookies
-    set req.http.Cookie = regsuball(req.http.Cookie, "__atuvc=[^;]+(; )?", "");
+    # Remove any '_' prefixed cookies
+    set req.http.Cookie = regsuball(req.http.Cookie, "_[^=]+=[^;]+(; )?", "");
 
     # Remove a ";" prefix in the cookie if present
     set req.http.Cookie = regsuball(req.http.Cookie, "^;\s*", "");
@@ -148,10 +129,10 @@ sub vcl_recv {
     # A valid discussion could be held on this line: do you really need to cache static files that don't cause load? Only if you have memory left.
     # Sure, there's disk I/O, but chances are your OS will already have these files in their buffers (thus memory).
     # Before you blindly enable this, have a read here: http://mattiasgeniar.be/2012/11/28/stop-caching-static-files/
-    if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
-        unset req.http.Cookie;
-        return (lookup);
-    }
+    # if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
+    #     unset req.http.Cookie;
+    #     return (lookup);
+    # }
 
     # Send Surrogate-Capability headers to announce ESI support to backend
     set req.http.Surrogate-Capability = "key=ESI/1.0";
@@ -245,9 +226,9 @@ sub vcl_fetch {
     # Enable cache for all static files
     # The same argument as the static caches from above: monitor your cache size, if you get data nuked out of it, consider giving up the static file cache.
     # Before you blindly enable this, have a read here: http://mattiasgeniar.be/2012/11/28/stop-caching-static-files/
-    if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
-        unset beresp.http.set-cookie;
-    }
+    # if (req.url ~ "^[^?]*\.(bmp|bz2|css|doc|eot|flv|gif|gz|ico|jpeg|jpg|js|less|mp[34]|pdf|png|rar|rtf|swf|tar|tgz|txt|wav|woff|xml|zip)(\?.*)?$") {
+    #     unset beresp.http.set-cookie;
+    # }
 
     # Sometimes, a 301 or 302 redirect formed via Apache's mod_rewrite can mess with the HTTP port that is being passed along.
     # This often happens with simple rewrite rules in a scenario where Varnish runs on :80 and Apache on :8080 on the same box.