WordPress.org

Ready to get started?Download WordPress

Forums

Wordfence Security
[resolved] Falcon engine, why not a separate plugin? (19 posts)

  1. allm
    Member
    Posted 10 months ago #

    @Mark

    I am wondering why the falcon engine was not made into a separate plugin. It seems so out of place in WordFence. Having it as a separate plugin would give people an easy choice if they wanted to use that. Now the plugin that I have come to like very much has a large unknown chunk in it that I really don't need.

    I guess a lot of your user base already has some kind of caching going on.

    Furthermore, where can I find what the new version will do to my .htaccess and under what circumstances? I have my own .htaccess and don't want WordFence to mess with it. But I still want to be able to block IP's. I was happy with the way it was.

    Mark, would you reconsider adding falcon engine to Wordfence? A separate plugin seems to be the optimal way to go.

    https://wordpress.org/plugins/wordfence/

  2. Wordfence
    Member
    Plugin Author

    Posted 10 months ago #

    We made a strategic decision to go this route because we see performance and security as closely linked. We also discovered a way to provide better performance for WordPress sites than the existing caching plugins available.

    As our user needs become apparent we will be adding more documentation. Keep in mind that understanding mod_rewrite rules is above the average consumer. However if you're interested, I'd encourage you to simply read your .htaccess once falcon is enabled and it's fairly clear what we're doing there. If you have any questions I'm happy to answer them here.

    Regards,

    Mark.

  3. allm
    Member
    Posted 10 months ago #

    @Mark

    I understand you made a strategic decision, but I still don't understand why you and your team decided to go this route. But OK, it is up to you I guess...

    Before I can update to the new version I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes?

    And besides: out of security reasons I have made my .htaccess unwritable. Do you want me to change that and make it less secure?

    Can I still block IP's the "old" way? Without Wordfence messing with my htaccess?

    Hope you can find some time to answer this. Thanks in advance!

  4. Wordfence
    Member
    Plugin Author

    Posted 10 months ago #

    That's your choice, but your htaccess needs to be writable to use any caching plugin including Falcon that modifies your htaccess.

    If you don't like Falcon, please just leave it disabled.

    Regards,

    Mark.

  5. allm
    Member
    Posted 10 months ago #

    @Mark

    Thanks for your quick answer. I am a happy user of WordFence so far, so I am really appreciative of the work you do. Forgive me if I sound a little harsh about recent developments. It comes from a desire to make WordFence into an even better product for all.

    I might (come to) like Falcon. Still haven't found the courage to upgrade. From my experience I know it is a big thing to integrate 2 complicated functions. But... I won't go into that any further.

    I missed an answer to the next questions: (or can it be found somewhere?):

    Before I can update to the new version I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes?
    Can I still block IP's the "old" way? Without Wordfence messing with my htaccess?

  6. seeker286
    Member
    Posted 10 months ago #

    @allm

    I was a little leery about upgrading too. Once I did, I discovered that Falcon is disabled by default, and nothing changed with .htaccess unless you enable the caching option.

  7. allm
    Member
    Posted 10 months ago #

    @seeker286

    Thanks for chipping in. I understand that .htaccess will not be changed until I turn Falcon on. That is a good thing.

    But I also understood that blocking IPs will result in a different .htaccess.

    @Mark
    So I still would like to know the answer to the following questions from Mark, as they are essential before I can check out Falcon or use the new Wordfence in general:

    I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes? Under what circumstances are these changes made?

    And in another thread I said that out of security reasons I've made my .htaccess unwritable for all. Apparently I need to lessen that security to give the new WordFence access. But that will give that access to other plugins as well. That is why I need to know the answer to this (as I like to have my .htaccess fully blocked):
    Can I still block IP's the "old" way? Without Wordfence changing my htaccess?

  8. PhilEsq
    Member
    Posted 10 months ago #

    I also don't want to use Falcon Engine. I use WP Super Cache which I'm happy with. I have no experience with Falcon Engine and don't want to spend the time to look into it. In the two minutes I did spend to search for Falcon Engine v WP Super Cache, I found the following:

    https://wordpress.org/support/topic/what-exactly-does-falcon-engine-questions-on-features-xmlrpc-options-cache?replies=7

    I am using the paid version of Wordfence and have been afraid to update since the version introducing Falcon Engine. If I understand correctly, Falcon Engine is turned on by default but it seems that the IP blocking feature to block foreign IP addresses won't work if it's turned off. That's the only reason I am paying for Wordfence.

    Please let me know if this is correct. If it is, I will have to cancel my account.

  9. Steve
    Member
    Posted 10 months ago #

    @PhillEsq,
    I have been using the falcon engine, and I can tell you it's 'Disabled' by default. When you enable it, you will be prompted to download a backup copy of the .htaccess file before it actually enables.

  10. allm
    Member
    Posted 10 months ago #

    @Mark
    I hope you still see my previous questions in this thread, in spite of the 2 other remarks that followed...

    @PhilEsq
    I did not say thay I don't want to use Falcon. I am (and my customers are) a happy user of WordFence, but I have my doubts about the recent integration of caching. If it works I'll be happy to use it, but I am cautious.
    I take security seriously, so that is why I need to know what is changing (with htaccess) and under what circumstances.

  11. PhilEsq
    Member
    Posted 10 months ago #

    The user at the link above found that Falcon Engine wasn't caching the homepage. He said "I uninstalled WP Super Cache and enabled Falcon in a test site, and the very first thing I can tell, is that Falcon Engine set to that "30 to 50 Times speed increase" super duper cache mode, is only caching the home page."

    Is this true?

    Another user (http://lizardwebs.net/web-services/wordpress-websites/testing-wordfence-falcon-caching-engine/)
    wrote:

    Right now, I’m using it on ONLY my own sites and not client sites as I really don’t know the answers to the above questions. Until I do, I’ll keep it where it won’t cause issues! Though I *DO* love that Falcon SPEED!
    Verdict: Use it for your own site until they start implementing some of the other changes above.

    The problem I have is that Wordfence should be busy enough working on Wordfence and should probably avoid adding an entirely different project. This is precisely the problem causing the failure of many large companies.

    I am using Wordfence on a WordPress multisite with multidb using 16 separate databases for 270 websites. I'm really reluctant to test out another caching engine for the fear of causing a big problem. Although the user at the link directly above likes Falcon Engine, he advises not using it for client websites. Although my 270 websites are mine, I can't use it if someone who likes it is advising not to use it on client websites.

  12. PhilEsq
    Member
    Posted 10 months ago #

    @Steve,

    I wrote, "If I understand correctly, Falcon Engine is turned on by default but it seems that the IP blocking feature to block foreign IP addresses won't work if it's turned off. That's the only reason I am paying for Wordfence."

    Is that correct?

  13. allm
    Member
    Posted 10 months ago #

    @Mark
    Hope you can still find my questions about htaccess.

    @PhilEsq
    My questions about htaccess are what this thread is about, and you keep posting your own things, which is fine, but a separate thread for that would be better I guess.

  14. Steve
    Member
    Posted 10 months ago #

    @PhillEsq,

    I'm afraid I can't confirm or deny the country blocking, as I haven't upgraded to the paid version. But the 'on by default' is not correct.

    I also read about the homepage only caching and did some testing.

    I observed an impressive performance improvement of a (non-homepage) gallery page on my test site.

    However, as it's early days, I'm inclined to agree with your verdict.

  15. PhilEsq
    Member
    Posted 10 months ago #

    @allm,
    Sorry, the title of the thread is "Falcon engine, why not a separate plugin?" so I thought I was in the right place.

  16. Wordfence
    Member
    Plugin Author

    Posted 10 months ago #

    @allm:

    Sorry about the delay on this. It's been a crazy week. (for all of us in the infosec space!!)

    I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes? Under what circumstances are these changes made?

    No we don't edit your existing entries. The first change is that we prepend our code to your existing code and our code is enclosed in a block starting and ending with comments containing 'WFCACHECODE' without quotes.

    The second change is that we prepend a block of code that handles IP blocks, range blocks and user agent blocks. This block is enclosed in comments starting and ending with 'WFIPBLOCKS'.

    And in another thread I said that out of security reasons I've made my .htaccess unwritable for all. Apparently I need to lessen that security to give the new WordFence access. But that will give that access to other plugins as well. That is why I need to know the answer to this (as I like to have my .htaccess fully blocked):
    Can I still block IP's the "old" way? Without Wordfence changing my htaccess?

    Interesting point. So to modify your htaccess to be compatible with falcon we obviously need write access. But once you've enabled falcon I'm parsing your comment to understand that you'd really like to make it read-only again and have the IP blocking updates not write to your .htaccess but do it the traditional way - or at least you'd like the option to do that, correct?

    PS: Marking this unresolved until you're happy with my responses.

  17. allm
    Member
    Posted 10 months ago #

    @Mark

    Thanks for your reply. I fully understand what must be going on at your end.

    I see that you only prepend to the .htaccess file, so that looks fine to me. I'll check it out on a test site and see what code is added.

    With regard to the question about IP blocking / .htaccess:

    Your interpretation is correct.
    If the Falcon additions to htaccess are one-time only I could make the .htaccess writable, enable Falcon and make it non-writable again.

    But I guess you need to have the .htaccess writable for IP blocking as well. That is why I asked if the "old" way of IP blocking is still an option in Wordfence 5. If that is the case I would be happy to use that and I assume that will work because there are no other moments that Wordfence needs write access to htaccess. If not, I guess 640 permissions would be as tight as I can go on htaccess isn't it?

    And another question: is Live traffic still available, even with Falcon off? I am getting confused with all these different messages.

    I appreciate fully the work you and your team are doing. In your shoes I would probably have opted for a separate plugin, but on the other hand: I don't have all the ins and outs you do.

    Keep up the good work!

  18. Wordfence
    Member
    Plugin Author

    Posted 10 months ago #

    Hi,

    Yes live traffic still works with falcon off.

    OK we're going to decouple how we block IP's from whether you have caching enabled or not. So you can choose how you want to block IP addresses. Will be in the next release.

    Regards,

    Mark.

  19. allm
    Member
    Posted 10 months ago #

    @Mark

    That is much appreciated! I'll see it when it comes out.
    I'll set this to resolved.
    Best wishes!

Reply

You must log in to post.

About this Plugin

About this Topic