diff --git a/data/nginx/server.conf b/data/nginx/server.conf
index 0d79c451031e4c3b90b21f612b6268530d663842..d7b1fff1000ba65b9e0ce8d7a3023ed83d5a9dd6 100644
--- a/data/nginx/server.conf
+++ b/data/nginx/server.conf
@@ -120,4 +120,9 @@ server {
 		include safe.types;
 		default_type application/octet-stream;
 	}
+
+	# Disable serving directly from any page cache in /wp-content/cache
+	location /wp-content/cache/ {
+		return 404;
+	}
 }
diff --git a/scripts/entrypoint.sh b/scripts/entrypoint.sh
index 7f79934645e1e30b99eaa49055fbb0840752693c..406df6fb52a084fd50f50a3a25c46bfb08332bea 100755
--- a/scripts/entrypoint.sh
+++ b/scripts/entrypoint.sh
@@ -167,24 +167,20 @@ setup_components() {
 	return 0
 }
 
-get_media_dir()
+get_writable_dirs()
 {
-	[[ -v MEDIA ]] && return
-	MEDIA=$(
+	[[ -v MEDIA && -v CACHE ]] && return
+	local content=$(
+		wp config get WP_CONTENT_DIR --type=constant || echo wp-content
+	)
+	local media=$(
 		wp config get UPLOADS --type=constant ||
 		wp option get upload_path
 	)
-	[[ -n "${MEDIA}" ]] && return
-	local _wp_content=$(wp config get WP_CONTENT_DIR --type=constant)
-	MEDIA=${_wp_content:-wp-content}/uploads
-}
-
-setup_media()
-{
-	# UID values change on every run, ensure the owner and group are set
-	# correctly on the media directory/volume.
-	get_media_dir
-	chown -R ${WORKER_USER}:${WORKER_USER} "${MEDIA}"
+	MEDIA=${media:-${content}/uploads}
+	CACHE=${content}/cache
+	mkdir -p "${MEDIA}" "${CACHE}"
+	chown -R ${WORKER_USER}:${WORKER_USER} "${MEDIA}" "${CACHE}"
 }
 
 setup_sandbox()
@@ -233,7 +229,7 @@ setup_debug()
 
 collect_static()
 {
-	get_media_dir
+	get_writable_dirs
 	local IFS=,
 	declare -a flags=(flist stats remove del)
 	test -t 1 && flags+=(progress2)
@@ -244,6 +240,7 @@ collect_static()
 		--exclude-from=- \
 		--exclude='*.php' \
 		--exclude="${MEDIA}" \
+		--exclude="${CACHE}" \
 		--exclude=/static/ \
 		--exclude=/vendor/ \
 		--force \
@@ -349,7 +346,6 @@ case "$1" in
 		create_config
 		setup_components
 		setup_debug
-		setup_media
 		collect_static
 		generate_static
 		setup_sandbox
diff --git a/tests/configs/test-cache.php b/tests/configs/test-cache.php
new file mode 100644
index 0000000000000000000000000000000000000000..a01188b1a81d2d7a07abfa13dee8fcc8f9586736
--- /dev/null
+++ b/tests/configs/test-cache.php
@@ -0,0 +1,33 @@
+<?php
+/*
+Plugin Name: Test Plugin
+Description: Assists in the testing of some scenarios
+*/
+
+add_action( 'rest_api_init', function() {
+	register_rest_route( 'test/v1', '/write-cache', array(
+		'methods' => WP_REST_Server::READABLE,
+		'callback' => function($request) {
+			if ( !isset($request['file']) ) {
+				return new WP_Error('Missing param file');
+			}
+			$file = WP_CONTENT_DIR . "/cache/{$request['file']}";
+			file_put_contents($file, "Generated file");
+			return rest_ensure_response( "Cache file created" );
+		},
+		'args' => array(
+			'file' => array(
+				'description' => 'File to touch on the server host',
+				'type' => 'string',
+			)
+		)
+	));
+});
+
+/* register_activation_hook( __FILE__, function() { */
+/* 	if ( !defined('WP_CLI') && $_SERVER['REQUEST_URI'] == '/test-cache' ) { */
+/* 		$file = WP_CONTENT_DIR . "/cache/${_GET['file']}"; */
+/* 		file_put_contents($file, "Generated file"); */
+/* 		wp_die("Cache file created", 200); */
+/* 	} */
+/* }); */
diff --git a/tests/regression-28.feature b/tests/regression-28.feature
new file mode 100644
index 0000000000000000000000000000000000000000..c978863961d6adec46391ab6f3c16a3f7b6326f6
--- /dev/null
+++ b/tests/regression-28.feature
@@ -0,0 +1,17 @@
+@wip
+Feature: Page cache directory
+	Ensure that the page cache directory at WP_CONTENT_DIR/cache is writable for
+	plugins, but is not served by the server.
+
+	Scenario: After the entrypoint has completed, there is a writable cache dir
+		Given the site is not running
+		And test-cache.php is mounted in /app/wp-content/mu-plugins/
+		When the site is started
+		And /wp-json/test/v1/write-cache?file=foo.txt is requested
+		Then OK is returned
+		And /app/wp-content/cache/foo.txt exists in the backend
+
+	Scenario: The contents of the cache dir are not served by the proxy
+		Given /app/wp-content/cache/foo exists in the backend
+		When /wp-content/cache/foo is requested
+		Then Not Found is returned
diff --git a/tests/steps/site.py b/tests/steps/site.py
index 2dbcbae5ab7f2a490702f595cd9462f98b1c313a..3a14a8119708ef61bfb2541ebbdfc10006546b2c 100644
--- a/tests/steps/site.py
+++ b/tests/steps/site.py
@@ -231,6 +231,17 @@ def is_plugin_installed(
 		assert site.backend.cli(addon.value, "is-active", name, query=True) == status.value
 
 
+@then("{path:Path} exists in the {container_name}")
+def check_file_exists(context: Context, path: Path, container_name: str) -> None:
+	"""
+	Check a file exists in the named container
+	"""
+	site = use_fixture(site_fixture, context)
+	container = getattr(site, container_name)
+	assert container.run(["sh", "-c", f"test -e {path}"]).returncode == 0, \
+		f"{path} not found in the {container_name}"
+
+
 @then("the email address of {user} is \"{value}\"")
 @then("the email address of {user} is '{value}'")
 def is_user_email(context: Context, user: str, value: str) -> None: