We made a strategic decision to go this route because we see performance and security as closely linked. We also discovered a way to provide better performance for WordPress sites than the existing caching plugins available.
As our user needs become apparent we will be adding more documentation. Keep in mind that understanding mod_rewrite rules is above the average consumer. However if you’re interested, I’d encourage you to simply read your .htaccess once falcon is enabled and it’s fairly clear what we’re doing there. If you have any questions I’m happy to answer them here.
Regards,
Mark.
Thread Starter
allm
(@realblueorange)
@mark
I understand you made a strategic decision, but I still don’t understand why you and your team decided to go this route. But OK, it is up to you I guess…
Before I can update to the new version I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes?
And besides: out of security reasons I have made my .htaccess unwritable. Do you want me to change that and make it less secure?
Can I still block IP’s the “old” way? Without Wordfence messing with my htaccess?
Hope you can find some time to answer this. Thanks in advance!
That’s your choice, but your htaccess needs to be writable to use any caching plugin including Falcon that modifies your htaccess.
If you don’t like Falcon, please just leave it disabled.
Regards,
Mark.
Thread Starter
allm
(@realblueorange)
@mark
Thanks for your quick answer. I am a happy user of WordFence so far, so I am really appreciative of the work you do. Forgive me if I sound a little harsh about recent developments. It comes from a desire to make WordFence into an even better product for all.
I might (come to) like Falcon. Still haven’t found the courage to upgrade. From my experience I know it is a big thing to integrate 2 complicated functions. But… I won’t go into that any further.
I missed an answer to the next questions: (or can it be found somewhere?):
Before I can update to the new version I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes?
Can I still block IP’s the “old” way? Without Wordfence messing with my htaccess?
@allm
I was a little leery about upgrading too. Once I did, I discovered that Falcon is disabled by default, and nothing changed with .htaccess unless you enable the caching option.
Thread Starter
allm
(@realblueorange)
@seeker286
Thanks for chipping in. I understand that .htaccess will not be changed until I turn Falcon on. That is a good thing.
But I also understood that blocking IPs will result in a different .htaccess.
@mark
So I still would like to know the answer to the following questions from Mark, as they are essential before I can check out Falcon or use the new Wordfence in general:
I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes? Under what circumstances are these changes made?
And in another thread I said that out of security reasons I’ve made my .htaccess unwritable for all. Apparently I need to lessen that security to give the new WordFence access. But that will give that access to other plugins as well. That is why I need to know the answer to this (as I like to have my .htaccess fully blocked):
Can I still block IP’s the “old” way? Without Wordfence changing my htaccess?
I also don’t want to use Falcon Engine. I use WP Super Cache which I’m happy with. I have no experience with Falcon Engine and don’t want to spend the time to look into it. In the two minutes I did spend to search for Falcon Engine v WP Super Cache, I found the following:
https://wordpress.org/support/topic/what-exactly-does-falcon-engine-questions-on-features-xmlrpc-options-cache?replies=7
I am using the paid version of Wordfence and have been afraid to update since the version introducing Falcon Engine. If I understand correctly, Falcon Engine is turned on by default but it seems that the IP blocking feature to block foreign IP addresses won’t work if it’s turned off. That’s the only reason I am paying for Wordfence.
Please let me know if this is correct. If it is, I will have to cancel my account.
@PhillEsq,
I have been using the falcon engine, and I can tell you it’s ‘Disabled’ by default. When you enable it, you will be prompted to download a backup copy of the .htaccess file before it actually enables.
Thread Starter
allm
(@realblueorange)
@mark
I hope you still see my previous questions in this thread, in spite of the 2 other remarks that followed…
@philesq
I did not say thay I don’t want to use Falcon. I am (and my customers are) a happy user of WordFence, but I have my doubts about the recent integration of caching. If it works I’ll be happy to use it, but I am cautious.
I take security seriously, so that is why I need to know what is changing (with htaccess) and under what circumstances.
@steve,
I wrote, “If I understand correctly, Falcon Engine is turned on by default but it seems that the IP blocking feature to block foreign IP addresses won’t work if it’s turned off. That’s the only reason I am paying for Wordfence.”
Is that correct?
Thread Starter
allm
(@realblueorange)
@mark
Hope you can still find my questions about htaccess.
@philesq
My questions about htaccess are what this thread is about, and you keep posting your own things, which is fine, but a separate thread for that would be better I guess.
@PhillEsq,
I’m afraid I can’t confirm or deny the country blocking, as I haven’t upgraded to the paid version. But the ‘on by default’ is not correct.
I also read about the homepage only caching and did some testing.
I observed an impressive performance improvement of a (non-homepage) gallery page on my test site.
However, as it’s early days, I’m inclined to agree with your verdict.
@allm,
Sorry, the title of the thread is “Falcon engine, why not a separate plugin?” so I thought I was in the right place.
@allm:
Sorry about the delay on this. It’s been a crazy week. (for all of us in the infosec space!!)
I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes? Under what circumstances are these changes made?
No we don’t edit your existing entries. The first change is that we prepend our code to your existing code and our code is enclosed in a block starting and ending with comments containing ‘WFCACHECODE’ without quotes.
The second change is that we prepend a block of code that handles IP blocks, range blocks and user agent blocks. This block is enclosed in comments starting and ending with ‘WFIPBLOCKS’.
And in another thread I said that out of security reasons I’ve made my .htaccess unwritable for all. Apparently I need to lessen that security to give the new WordFence access. But that will give that access to other plugins as well. That is why I need to know the answer to this (as I like to have my .htaccess fully blocked):
Can I still block IP’s the “old” way? Without Wordfence changing my htaccess?
Interesting point. So to modify your htaccess to be compatible with falcon we obviously need write access. But once you’ve enabled falcon I’m parsing your comment to understand that you’d really like to make it read-only again and have the IP blocking updates not write to your .htaccess but do it the traditional way – or at least you’d like the option to do that, correct?
PS: Marking this unresolved until you’re happy with my responses.
Thread Starter
allm
(@realblueorange)
@mark
Thanks for your reply. I fully understand what must be going on at your end.
I see that you only prepend to the .htaccess file, so that looks fine to me. I’ll check it out on a test site and see what code is added.
With regard to the question about IP blocking / .htaccess:
Your interpretation is correct.
If the Falcon additions to htaccess are one-time only I could make the .htaccess writable, enable Falcon and make it non-writable again.
But I guess you need to have the .htaccess writable for IP blocking as well. That is why I asked if the “old” way of IP blocking is still an option in Wordfence 5. If that is the case I would be happy to use that and I assume that will work because there are no other moments that Wordfence needs write access to htaccess. If not, I guess 640 permissions would be as tight as I can go on htaccess isn’t it?
And another question: is Live traffic still available, even with Falcon off? I am getting confused with all these different messages.
I appreciate fully the work you and your team are doing. In your shoes I would probably have opted for a separate plugin, but on the other hand: I don’t have all the ins and outs you do.
Keep up the good work!
