WordPress.org

Support

Support » Plugins and Hacks » Wordfence Security » [Resolved] Falcon engine, why not a separate plugin?

[Resolved] Falcon engine, why not a separate plugin?

  • allm

    @realblueorange

    @mark

    I am wondering why the falcon engine was not made into a separate plugin. It seems so out of place in WordFence. Having it as a separate plugin would give people an easy choice if they wanted to use that. Now the plugin that I have come to like very much has a large unknown chunk in it that I really don’t need.

    I guess a lot of your user base already has some kind of caching going on.

    Furthermore, where can I find what the new version will do to my .htaccess and under what circumstances? I have my own .htaccess and don’t want WordFence to mess with it. But I still want to be able to block IP’s. I was happy with the way it was.

    Mark, would you reconsider adding falcon engine to Wordfence? A separate plugin seems to be the optimal way to go.

    https://wordpress.org/plugins/wordfence/

Viewing 15 replies - 1 through 15 (of 18 total)
  • Plugin Author Wordfence

    @mmaunder

    We made a strategic decision to go this route because we see performance and security as closely linked. We also discovered a way to provide better performance for WordPress sites than the existing caching plugins available.

    As our user needs become apparent we will be adding more documentation. Keep in mind that understanding mod_rewrite rules is above the average consumer. However if you’re interested, I’d encourage you to simply read your .htaccess once falcon is enabled and it’s fairly clear what we’re doing there. If you have any questions I’m happy to answer them here.

    Regards,

    Mark.

    allm

    @realblueorange

    @mark

    I understand you made a strategic decision, but I still don’t understand why you and your team decided to go this route. But OK, it is up to you I guess…

    Before I can update to the new version I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes?

    And besides: out of security reasons I have made my .htaccess unwritable. Do you want me to change that and make it less secure?

    Can I still block IP’s the “old” way? Without Wordfence messing with my htaccess?

    Hope you can find some time to answer this. Thanks in advance!

    Plugin Author Wordfence

    @mmaunder

    That’s your choice, but your htaccess needs to be writable to use any caching plugin including Falcon that modifies your htaccess.

    If you don’t like Falcon, please just leave it disabled.

    Regards,

    Mark.

    allm

    @realblueorange

    @mark

    Thanks for your quick answer. I am a happy user of WordFence so far, so I am really appreciative of the work you do. Forgive me if I sound a little harsh about recent developments. It comes from a desire to make WordFence into an even better product for all.

    I might (come to) like Falcon. Still haven’t found the courage to upgrade. From my experience I know it is a big thing to integrate 2 complicated functions. But… I won’t go into that any further.

    I missed an answer to the next questions: (or can it be found somewhere?):

    Before I can update to the new version I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes?
    Can I still block IP’s the “old” way? Without Wordfence messing with my htaccess?

    @allm

    I was a little leery about upgrading too. Once I did, I discovered that Falcon is disabled by default, and nothing changed with .htaccess unless you enable the caching option.

    allm

    @realblueorange

    @seeker286

    Thanks for chipping in. I understand that .htaccess will not be changed until I turn Falcon on. That is a good thing.

    But I also understood that blocking IPs will result in a different .htaccess.

    @mark
    So I still would like to know the answer to the following questions from Mark, as they are essential before I can check out Falcon or use the new Wordfence in general:

    I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes? Under what circumstances are these changes made?

    And in another thread I said that out of security reasons I’ve made my .htaccess unwritable for all. Apparently I need to lessen that security to give the new WordFence access. But that will give that access to other plugins as well. That is why I need to know the answer to this (as I like to have my .htaccess fully blocked):
    Can I still block IP’s the “old” way? Without Wordfence changing my htaccess?

    I also don’t want to use Falcon Engine. I use WP Super Cache which I’m happy with. I have no experience with Falcon Engine and don’t want to spend the time to look into it. In the two minutes I did spend to search for Falcon Engine v WP Super Cache, I found the following:

    https://wordpress.org/support/topic/what-exactly-does-falcon-engine-questions-on-features-xmlrpc-options-cache?replies=7

    I am using the paid version of Wordfence and have been afraid to update since the version introducing Falcon Engine. If I understand correctly, Falcon Engine is turned on by default but it seems that the IP blocking feature to block foreign IP addresses won’t work if it’s turned off. That’s the only reason I am paying for Wordfence.

    Please let me know if this is correct. If it is, I will have to cancel my account.

    @PhillEsq,
    I have been using the falcon engine, and I can tell you it’s ‘Disabled’ by default. When you enable it, you will be prompted to download a backup copy of the .htaccess file before it actually enables.

    allm

    @realblueorange

    @mark
    I hope you still see my previous questions in this thread, in spite of the 2 other remarks that followed…

    @philesq
    I did not say thay I don’t want to use Falcon. I am (and my customers are) a happy user of WordFence, but I have my doubts about the recent integration of caching. If it works I’ll be happy to use it, but I am cautious.
    I take security seriously, so that is why I need to know what is changing (with htaccess) and under what circumstances.

    The user at the link above found that Falcon Engine wasn’t caching the homepage. He said “I uninstalled WP Super Cache and enabled Falcon in a test site, and the very first thing I can tell, is that Falcon Engine set to that “30 to 50 Times speed increase” super duper cache mode, is only caching the home page.”

    Is this true?

    Another user (http://lizardwebs.net/web-services/wordpress-websites/testing-wordfence-falcon-caching-engine/)
    wrote:

    Right now, I’m using it on ONLY my own sites and not client sites as I really don’t know the answers to the above questions. Until I do, I’ll keep it where it won’t cause issues! Though I *DO* love that Falcon SPEED!
    Verdict: Use it for your own site until they start implementing some of the other changes above.

    The problem I have is that Wordfence should be busy enough working on Wordfence and should probably avoid adding an entirely different project. This is precisely the problem causing the failure of many large companies.

    I am using Wordfence on a WordPress multisite with multidb using 16 separate databases for 270 websites. I’m really reluctant to test out another caching engine for the fear of causing a big problem. Although the user at the link directly above likes Falcon Engine, he advises not using it for client websites. Although my 270 websites are mine, I can’t use it if someone who likes it is advising not to use it on client websites.

    @steve,

    I wrote, “If I understand correctly, Falcon Engine is turned on by default but it seems that the IP blocking feature to block foreign IP addresses won’t work if it’s turned off. That’s the only reason I am paying for Wordfence.”

    Is that correct?

    allm

    @realblueorange

    @mark
    Hope you can still find my questions about htaccess.

    @philesq
    My questions about htaccess are what this thread is about, and you keep posting your own things, which is fine, but a separate thread for that would be better I guess.

    @PhillEsq,

    I’m afraid I can’t confirm or deny the country blocking, as I haven’t upgraded to the paid version. But the ‘on by default’ is not correct.

    I also read about the homepage only caching and did some testing.

    I observed an impressive performance improvement of a (non-homepage) gallery page on my test site.

    However, as it’s early days, I’m inclined to agree with your verdict.

    @allm,
    Sorry, the title of the thread is “Falcon engine, why not a separate plugin?” so I thought I was in the right place.

    Plugin Author Wordfence

    @mmaunder

    @allm:

    Sorry about the delay on this. It’s been a crazy week. (for all of us in the infosec space!!)

    I really need to know what changes are made to the .htaccess file. Are there only additions? And what are they? Or does it try to make changes as well? And what changes? Under what circumstances are these changes made?

    No we don’t edit your existing entries. The first change is that we prepend our code to your existing code and our code is enclosed in a block starting and ending with comments containing ‘WFCACHECODE’ without quotes.

    The second change is that we prepend a block of code that handles IP blocks, range blocks and user agent blocks. This block is enclosed in comments starting and ending with ‘WFIPBLOCKS’.

    And in another thread I said that out of security reasons I’ve made my .htaccess unwritable for all. Apparently I need to lessen that security to give the new WordFence access. But that will give that access to other plugins as well. That is why I need to know the answer to this (as I like to have my .htaccess fully blocked):
    Can I still block IP’s the “old” way? Without Wordfence changing my htaccess?

    Interesting point. So to modify your htaccess to be compatible with falcon we obviously need write access. But once you’ve enabled falcon I’m parsing your comment to understand that you’d really like to make it read-only again and have the IP blocking updates not write to your .htaccess but do it the traditional way – or at least you’d like the option to do that, correct?

    PS: Marking this unresolved until you’re happy with my responses.

Viewing 15 replies - 1 through 15 (of 18 total)
  • The topic ‘[Resolved] Falcon engine, why not a separate plugin?’ is closed to new replies.
Skip to toolbar