WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
[resolved] What exactly does Falcon Engine? Questions on features, XMLRPC, options, cache.. (12 posts)

  1. Marcelo Pedra
    Member
    Posted 4 months ago #

    Falcon Engine takes a website that is serving 16 pages per second and attaches a jet engine, pours on jet fuel and turns on the afterburner. It supercharges your website so that it can serve up to 800 pages per second.

    Well, nice copywriting. I know is a new prodcut, but there is almost no FAQ, no extense technical info on how to configure it. Now to the facts.

    Issue 1:
    I uninstalled WP Super Cache and enabled Falcon in a test site, and the very first thing I can tell, is that Falcon Engine set to that "30 to 50 Times speed increase" super duper cache mode, is only caching the home page. This is from what I can tell after enabling the debug option and browsing the site all along. Only the homepage source code is showing the cache information, and only the html file for the home page was created inside the wfcache folder. Is it a bug?

    Issue 2:
    Also regarding Falcon, what exactly does Falcon with the cache when it is set to "2 to 3 Times speed increase" or "30 to 50 Times speed increase"? Using the first option, I dont see any changes in the .htaccess file. Also, no improvements in browsing speeds. For what I've seen, "2 to 3 Times speed increase"="No performance improvement". Or is it a bug?

    Issue 3:
    The IP blocker will block IPs using htaccess, ONLY IF Falcon Engine is active? It's just a marketing thing? Why can't it use the htaccess file to set blocked IPs even with Falcon inactive? It's the scope of a security package to provide the best protection with the best reliability and performance, and until now, I couldnt see cache working. Yet, the htaccess IP blocking works marvelously, and I suggest you to use .htaccess rules to block IPs EVEN WITH FALCON DISABLED. This will improve WordFence for people who dont feel comfy abandoning plugins like W3TC.

    Issue 4:
    I noticed the option to disable XML RPC. Nice. But... how are you disabling it? I didnt see an entry in .htaccess. Are you using the filter? add_filter( 'xmlrpc_enabled', '__return_false' );
    That's the recommended way. Please confirm.

    Issue 5:
    One more thing about Falcon. How does it manage ajax, CDNs, browser cache, garbage collection, minification, all the things usually configurable in the major cache systems... The lack of settings options made me uncomfy. And please take in account that I love WordFence very much, I even purchased a license. So, all these annotations are made with love in mind :) Said that, I dont think adding a cache system is a good move. All the major pros using WordFence are already using W3TC too, or even WP Super Cache for humble sites. I'd rather prefer to see a module to integrate WordFence with W3TC, as they provide the options to add compatibility and "team work" between plugins. Trying to replace a good known plugin will make you work hard and lose focus in what you already are doing very well: keep sites secure. Dont try to replace cache plugins, unite. I hope it's not too late, there are lots of things you can implement to keep sites safer without having to develope a caching feature.

    Issue 6:
    In despite of the above items, will all these new features have any difference between free version and the licensed one?

    And that's all by now.
    Hope to read soon your answers for every issue. It will clarify lots of things, hopefully :)

    My best regards,

    https://wordpress.org/plugins/wordfence/

  2. allm
    Member
    Posted 4 months ago #

    I support your thread wholeheartedly. Especially issue 5. Including a caching engine seems really a strange move. I guess a lot of people will disable it but the source code (and memory usage, and room for error) is probably a lot larger in the new version. I hope it is not too late and Wordfence will be de-falconized soon.

    Apart from that I would really like to know how the .htaccess is changed. I have my own .htaccess custom-made, and like to be sure that nothing gets in the way of what I am doing there.

  3. crzyhrse
    Member
    Posted 4 months ago #

    I am using wp super cache for my "humble" site :-) , along with cloudflare (please addressed specifically?), and seem to be doing well with the previous version of wordfence, and so want to ditto these well considered questions, including about the .htaccess file...

    I'd like to see them answered when you can, in the midst of all the other things you are dealing with here, which I am also watching before I jump into this new version...

  4. Wordfence
    Member
    Plugin Author

    Posted 4 months ago #

    Wow. OK I'm a little pressed for time, so I'm going to quote your message and try to respond, but it may look a little messy and I apologize for that:

    Well, nice copywriting. I know is a new prodcut, but there is almost no FAQ, no extense technical info on how to configure it.

    --Yes thats because we just released it. Cut us a little slack here. The product has been available to the general public for about 12 hours, so we really need guidance from the community what the doc needs are. Will be fixing this.

    Now to the facts.

    Issue 1:
    I uninstalled WP Super Cache and enabled Falcon in a test site, and the very first thing I can tell, is that Falcon Engine set to that "30 to 50 Times speed increase" super duper cache mode, is only caching the home page. This is from what I can tell after enabling the debug option and browsing the site all along. Only the homepage source code is showing the cache information, and only the html file for the home page was created inside the wfcache folder. Is it a bug?

    --Yes it could be. Please upgrade to 5.0.2 which fixes a bug that caused sites in a subdirectory to not cache pages. Then clear your cache and also disable and reenable caching to be safe. Let me know how this goes and please start a thread for this specific issue if it still exists. I'd like to resolve it for you.

    Issue 2:
    Also regarding Falcon, what exactly does Falcon with the cache when it is set to "2 to 3 Times speed increase" or "30 to 50 Times speed increase"? Using the first option, I dont see any changes in the .htaccess file. Also, no improvements in browsing speeds. For what I've seen, "2 to 3 Times speed increase"="No performance improvement". Or is it a bug?

    --No it's not a bug. Basic caching uses PHP to serve up pages that are stored on disk. So PHP, WordPress and Wordfence execute and interrupt execution to serve up a pre-rendered page early in the execution cycle. This provides a nice speed increase without having to edit your .htaccess. Some sites can't do this which is why we included the feature. If you aren't seeing a performance gain, my guess is that your site does some heavy lifting early on in the execution cycle and this bottleneck isn't solved by basic caching. Falcon Engine modifies your .htaccess to have your web server serve pre-rendered pages directly to the user. We use a different directory structure which reduces stat() activity on your server disk and is therefore faster and gets better performance than other caching plugins. Please see http://www.wordfence.com/blog/ for more info on this.

    Issue 3:
    The IP blocker will block IPs using htaccess, ONLY IF Falcon Engine is active? It's just a marketing thing? Why can't it use the htaccess file to set blocked IPs even with Falcon inactive? It's the scope of a security package to provide the best protection with the best reliability and performance, and until now, I couldnt see cache working. Yet, the htaccess IP blocking works marvelously, and I suggest you to use .htaccess rules to block IPs EVEN WITH FALCON DISABLED. This will improve WordFence for people who dont feel comfy abandoning plugins like W3TC.

    --Noted. And no, it's not a marketing thing.

    Issue 4:
    I noticed the option to disable XML RPC. Nice. But... how are you disabling it? I didnt see an entry in .htaccess. Are you using the filter? add_filter( 'xmlrpc_enabled', '__return_false' );
    That's the recommended way. Please confirm.

    --Yes. Line 341 of version 5.0.2.

    Issue 5:
    One more thing about Falcon. How does it manage ajax, CDNs, browser cache, garbage collection, minification, all the things usually configurable in the major cache systems... The lack of settings options made me uncomfy. And please take in account that I love WordFence very much, I even purchased a license. So, all these annotations are made with love in mind :) Said that, I dont think adding a cache system is a good move. All the major pros using WordFence are already using W3TC too, or even WP Super Cache for humble sites. I'd rather prefer to see a module to integrate WordFence with W3TC, as they provide the options to add compatibility and "team work" between plugins. Trying to replace a good known plugin will make you work hard and lose focus in what you already are doing very well: keep sites secure. Dont try to replace cache plugins, unite. I hope it's not too late, there are lots of things you can implement to keep sites safer without having to develope a caching feature.

    --We made a strategic decision to add performance as a core feature in Wordfence because performance and security are one and the same thing. If your site can handle 800+ requests per second, a DDoS attack becomes almost a moot point, depending on your config. Also please benchmark us against W3TC and WPSC before you pass judgement. I think you'll be pleasantly surprised.

    Issue 6:
    In despite of the above items, will all these new features have any difference between free version and the licensed one?

    --Not at this stage and no current plans. We won't be doing a bait and switch where we take a currently free feature and make it paid. Our philosophy is to generally charge for features that actually cost us money.

    And that's all by now.
    Hope to read soon your answers for every issue. It will clarify lots of things, hopefully :)

    --No problem. I'd really like to get your support for Falcon and the direction we're taking. Please be clear: We're not open to debating whether this feature should or should not be part of Wordfence. We did our research, debated it internally and made the call. If you don't like it, simply don't use the feature and use your favorite other-caching plugin. But The performance you'll get with Falcon will give you a faster site (at least according to our benchmarks) than any other major caching plugin. Features like minification may seem like a good idea, but when you're already serving up your pages compressed using gzip/deflate, why would you want to remove whitespace from your pages? They already arrive compressed at the client side. Object and database caching may seem like a great idea, but have you benchmarked it? We showed a 10% performance gain with DB caching in a major plugin. It feels good to enable it, but really delivers little gains. What we've done here is focus on the really big win which is to serve pre-rendered pages directly from your server's disk while simultaneously reducing the number of filesystem stats the server has to do. The performance gain you get is unbelievable - it's around 3000% to 5000%.

    That's all for now. Again, I"m pressed for time and would have liked to share more but I thought you deserved a longer response so I hope that helps.

    Regards,

    Mark.

  5. martingfisher
    Member
    Posted 4 months ago #

    Mark, thanks for taking the time to address these concerns and to Marcelo for his questions that mirror my own so precisley.

    I agree performance and protection are mutual bedfellows and thats why I use Cloudflare. Is the system copativble with Cloudflare? I ask as i have just had my first outage on http://www.globallifecover.com since we went live 2 months ago and it *may* have coincided with Falcon. (I say may because the time window was 30 mins so it could be a coincidence).

    I would be greatly reassured to hear that it was tested against Cloudflare and that the two can live happily together.

    Many thanks
    Martin

  6. Marcelo Pedra
    Member
    Posted 4 months ago #

    Hello Mark, thanks so much for taking enough time too to bring a good set of answers. Boy you deserve it. I will quoting too to improve reading:

    The product has been available to the general public for about 12 hours, so we really need guidance from the community what the doc needs are. Will be fixing this.

    I understand. For what I readed in the comments, I'm not the only one asking the same questions. Please consider add these ones to the FAQ here at WP and your site. How Falcon works, explained for the geeks who want to know what will be htaccessed/htmlized/ and how, and when, as you just answered above.

    Please upgrade to 5.0.2 which fixes a bug that caused sites in a subdirectory to not cache pages. Then clear your cache and also disable and reenable caching to be safe. Let me know how this goes and please start a thread for this specific issue if it still exists. I'd like to resolve it for you.

    I did the upgrade to 5.0.2. I didnt noticed any difference. The homepage is still the only page being cached. I will open a new thread regarging this. Probably has to do with something in the taxonomies or the server configuration...

    Basic caching uses PHP to serve up pages that are stored on disk. So PHP, WordPress and Wordfence execute and interrupt execution to serve up a pre-rendered page early in the execution cycle. This provides a nice speed increase without having to edit your .htaccess. Some sites can't do this which is why we included the feature. If you aren't seeing a performance gain, my guess is that your site does some heavy lifting early on in the execution cycle and this bottleneck isn't solved by basic caching. Falcon Engine modifies your .htaccess to have your web server serve pre-rendered pages directly to the user. We use a different directory structure which reduces stat() activity on your server disk and is therefore faster and gets better performance than other caching plugins. Please see http://www.wordfence.com/blog/ for more info on this.

    For what you say, is "Basic caching" something like the "Late Init" you can find at WPSC or W3TC? It allows PHP to be executed and load the cached file early in the execution cycle, and does yours use transients to remember queries? something in the headers to force browser cache? My two test sites where I tested Falcon werent really accelerated by using Basic Cache nor Falcon Cache.

    Also please benchmark us against W3TC and WPSC before you pass judgement. I think you'll be pleasantly surprised.

    I benchmarked the load using webpagetest.org. These are the results, expressed as seconds required to fully load the test page in the first view, then second view:

    http://paisajesmundiales.com.ar/2013/el-desierto-de-badain-jaran (a small gallery, 1140 KB total)
    WITH NO CACHE: 9.679, 5.063
    WordFence Basic Cache: 9.875, 5.011
    Wordfence's Falcon: 8.957, 5.625
    WITH W3 TOTAL CACHE: 8.707, 3.072

    http://paisajesmundiales.com.ar/ (some humble posts excerpts in a home, 3016 KB total)
    WITH NO CACHE: 9.835, 9.445
    WordFence Basic Cache: 9.551, 8.346
    Wordfence's Falcon: 8.172, 6.980
    WITH W3 TOTAL CACHE: 9.011, 2.737

    All the test were taking measuring from AR simulating Chrome browser. And note that the server is in the USA. I'm testing what my target useers will see.
    W3TC was configured as I know it really works well: Page Enhanced + Browser Cache. Nothing else.

    Surprised? Not yet. Still not impressed :D

    I suggest you to use .htaccess rules to block IPs EVEN WITH FALCON DISABLED. This will improve WordFence for people who dont feel comfy abandoning plugins like W3TC.

    THIS will be a really good performance improvement. If you block IPs in the very first lines of .htaccess, it won't require a single piece of PHP/HTML to be executed/retrieved and abusers won't almost even consume your bandwidth.
    This is an easy one to implement. Hope to see that soon ;)

    Disabling XML RPC is using the official filter, confirmed.
    Line 341 of version 5.0.2.

    This is the BEST XML-RPC filtering management I've seen. iThemes offers it but it's to aggresive since they block access directly from htaccess. Others are doing the same. I was using the filter in functions.php but having this inside Wordfence is better.
    Although, you should warn users in the option page that XML RPC is being disabled by default and could break some things, like remote publishing.

    Please be clear: We're not open to debating whether this feature should or should not be part of Wordfence. We did our research, debated it internally and made the call. If you don't like it, simply don't use the feature and use your favorite other-caching plugin. But The performance you'll get with Falcon will give you a faster site (at least according to our benchmarks) than any other major caching plugin. Features like minification may seem like a good idea, but when you're already serving up your pages compressed using gzip/deflate, why would you want to remove whitespace from your pages? They already arrive compressed at the client side. Object and database caching may seem like a great idea, but have you benchmarked it? We showed a 10% performance gain with DB caching in a major plugin. It feels good to enable it, but really delivers little gains. What we've done here is focus on the really big win which is to serve pre-rendered pages directly from your server's disk while simultaneously reducing the number of filesystem stats the server has to do. The performance gain you get is unbelievable - it's around 3000% to 5000%.

    Ok, I respect your philosophy. If you think you can do a better cache than the most well known plugins in this community, be my guest. I will support it if it works the better. I know it's still green and you have to work it out, so let's see hoe better it may become. The feature I miss the most when setting Falcon is the possibility to use a CDN to pull the images from; and the settings for that field is a nightmare you'll have to sail deep in if the cache have to do a very good job with CDNs. Also, it shouldnt interfere with plugins like the official cloudflare one.

    Another thing concerning me about cache is, how long will Falcon wait before collecting garbage? I have site where I need the cache being regenerated every 2 hours, and other sites where the cache is recycled once a week! If Falcon will be collecting garbage several times a day in sites with hundreds of pages which are not willing to change a single bit during weeks or even months, it will add an extra, unneeded load to the cpu and ram usage. Will Falcon allow to deal with it? WPSC wasnt doing it right lastly, so that I switched to W3TC, which is hard to configure, but once you get it, it's like heaven in earth.

    I appreciate your efforts to provide an unified experience, security+performance. The only thing I hope is that you guys do it right, and dont screw the security part in the process. I have witnessed very bad experiences with brand new features added to well known plugins. It happened to JetPack, Shareaholic, BackWPup, iThemes Security, and even W3TC and WPSC theirselves... All of them wanted to leverage the experience but the very first results were a PITA. With time they fixed it. They worked it out during weeks while answering hundreds of threads written by angry people with pitchforks and torches. And they get over it and now they are the most downloaded plugins here.
    Hope you go in the same success road, but be warned, and prepare some gallons of coffee, you are entering the very intrincated jungle of cache possibilities, where it depends really if it's Linux or Windows, or if WP it's installed in the root folder, in a subfolder, in a subdomain, or even in a root folder but using taxonomies like if it were in a subfolder (I have one site like this).

    Oh and before I forget, another question: how will be Falcon dealing with logged in users? how will it be caching dynamic pages if it won't deal with objects? Logged in users will still experience a non-cached version of the site? I really love how W3TC deal with this particular thing. Database cache is not something I miss, I use MySQL cache in the server, so the queries are cached from the very beginning.

    My best regards,
    Marcelo

  7. Marcelo Pedra
    Member
    Posted 4 months ago #

    @martingfisher: be wary with the settings of CloudFlare. I use it, but minification is not a good solution, usually. Use it as CDN Only. Use Gzip Deflate from your server to compact files like HTML/CSS/JS. Set a large expiry time (TTL) to images and documents if you are not updating them very frequently.
    And use the CloudFlare plugin for better compatibility. If you manage your own VPS, and is using cPanel, you can even install the CloudFlare Apache mod to improve the interactions with the CloudFlare cloud.
    Good luck

  8. CaptainsLog
    Member
    Posted 4 months ago #

    I for one am sick of hearing about W3TC being so good. I have never found it to work well, and I've tried. It requires specific Apache mods that you the plugin itself can't tell you if they are active or not. More times than not, it takes too much time to setup and often it ends up slowing down my sites, rather than speeding them up. Yeah, I'm probably not setting it up correctly, but here's the thing, it is hard to setup correctly. That's why they have an option to charge for getting it setup. They've been out for so long, and they haven't figured out a way to make it easier to get it setup properly.

    So, when I took a slight chance and activated Falcon to see what it did. Simple. Performance was blazing. BLAZING. W3TC NEVER did that for any site, even after hours and hours of trying to configure it and trying to get some basic support. NEVER.

    THANK YOU! for making Falcon available.

    Finally something simple, easy and effective.

    Complexity for complexity sake seems important and brainy, but I don't need to impress myself with tweaking for tweaking sake. Right now I think Falcon is the best thing out there.

    And as far as complexity for complexity sake, go try BulletProof Security. And if you really want to sink yourself, try BulletProof Pro. What a joke. That's another one that you need to pay to have configured.

  9. theatereleven
    Member
    Posted 3 months ago #

    I just want to pipe in and say that I LOVE WordFence, and equally love the new caching engine. I haven't rolled Falcon out to all my sites, testing now, but the site I have it on sure seems snappy.

    I personally despise the other caching plugins. WP Super Cache was so flaky I had to remove it from all of my sites. Got tired of it just randomly white screening a website - not cool.

    So far so good with WordFence Falcon.

    Thanks again devs. Freaking awesome.

  10. Wordfence
    Member
    Plugin Author

    Posted 3 months ago #

    Thanks guys, this really means a lot to us. Great to hear.

    The newest release includes some nice enhancements for Falcon e.g. if your site for some reason returns a page that appears too small (less than 1000 bytes which is tiny for a web page) Falcon won't cache that because it's usually some sort of error on your site when a page is that small. (Average web page size is 1246,000 bytes in 2014. So we won't accidentally cache blank pages or weird responses.

    Regards,

    Mark.

  11. iskandarX
    Member
    Posted 1 month ago #

    Falcon Engine are very awesome! It have been beat wp super cache for speeding my site 50% from what wpsc done before. love this futures I do hope to enjoy more the update in future.

  12. cloudduster
    Member
    Posted 1 month ago #

    As a humble blogger, I love falcon engine because I don't have to force myself to understand the jargon in the world.

Reply

You must log in to post.

About this Plugin

About this Topic

Tags

No tags yet.