Hi Masorb, as far as I know as a heavy Wordfence user, Colorbox only loads if you’re logged in as an admin. Not quite as bad as it doing it all the time, but still, every little bit counts. Especially if you’ve got several admins who are in there quite a bit, depending on css caching settings…
Of more concern is Google Site Search, Facebook and other bloated stuff that loads enormous amounts of totally unused CSS, often not minified. Frustrating to say the least. Especially Google, who on the one hand tell us to run tighter sites, but then their CSS for one little search box is about 10 times larger than my theme css. Lame, to put it mildly.
MTN
I got curious and deleted all the CSS in Colorbox.css, reloaded, Wordfence admin seems to look exactly the same, nothing seems broken. Ah, the mysteries of bloat. MTN
Thread Starter
maorb
(@maorb)
I think there’s no reason to load colorbox for logged in admin users in the frontend of the site, unless WF does a certain use of it on frontend. The is_admin() should be used also for logged in administrators, to prevent loading of Colorbox css and js in frontend.
I’d be happy if this could be implemented in next plugin release, or to get the logic of the need of it in frontend for logged in admins.
Thanks.
Hi maorb,
The latest version makes the script/styles optional. This was loaded on all pages only for admins, for a dialog box that helps you whitelist background requests (ajax) that could be blocked by the firewall.
If you don’t need this feature, you can now go to the Firewall page, and under the section that says “Monitor Background Requests for False Positives”, you can turn it off the front end or admin pages. (More details here: https://docs.wordfence.com/en/WAF#Whitelisted_URLs )
-Matt R
Thread Starter
maorb
(@maorb)
@wfmattr, thanks a lot for the explaination and for the option to turn this off.
Thread Starter
maorb
(@maorb)
@wfmattr, does the option to disable the feature is available only from V6.1.10 ?
Thanks
Yes, if you update to 6.1.10, you should be able to see it on the Firewall page.
-Matt R
Thanks for info Matt. I’m still a bit confused by this even after reading the doc, if I disable “Monitor Background Requests” does this reduce actual firewall security level in any way, or does doing so just disable a messaging/monitoring function? Thanks for any clarification. MTN
Disabling these two options does not reduce security, and it only prevents the script from notifying you if a background request (ajax) from your browser is blocked while you’re logged in as an admin. It may just make it harder to notice false positives, though they should also be rare after learning mode is complete.
-Matt R
