WordPress.org

Forums

Wordfence Security
Now no longer supported by WP engine. (4 posts)

  1. theconsultant_
    Member
    Posted 1 year ago #

    How annoying

    Due to duplicate functionality, Wordfence is being added to the WP Engine disallowed plugins list. All versions, old and new, will be banned as of April 29th. On May 6th, we will automatically remove the plugin from all of our hosted websites including the site we are contacting you about (theconsultant). There will be no exceptions to this rule.

    (To see our disallowed plugins list please visit http://wpengine.com/support/disallowed-plugins/)

    While Wordfence is a popular plugin amongst our user base, there were several things that led to this decision:

    The "Live Traffic" view in Wordfence has a tendency to cause database bloat on very popular sites by saving a detailed record of every visit to the database. This, in turn, slows down sites at times where performance really matters. Using a third party real-time analytics package is a better option for tracking live traffic with less performance issues.
    Both the IP and country blocking features in Wordfence have, on occasion, prevented valid visitors from seeing pages. On top of that, if the page is cached on our end, the blocking features do not work and the page can still be served up.
    Wordfence turns on the enforcement of strong passwords and the limiting of failed login attempts by default. These features duplicate and can interfere with functionality that we already provide as part of our core technology.
    A recent version of Wordfence added an HTML page caching layer called Falcon Engine that works less effectively than our existing EverCache technology.

    We politely disagree with Wordfence's claim that you can "increase your site performance by such a large margin that your site would continue to perform even under severe load conditions." There is no real way, at the software level, that you can effectively combat a DDoS attack that has saturated your network equipment. The attack never makes it to Apache or nginx because the traffic cannot even get through the router in either direction (to/from the server).

    While we applaud Wordfence for taking the initiative of adding caching, without solid control over the web hosts' service configurations (memcache, varnish, nginx, etc) it is very hard to provide a robust enough caching solution using a plugin.

    Because our caching layer is a feature that we already offer as a standard for our customers on every plan level, activating Falcon Engine would do nothing more than attempt to cache a cache. We have seen this break pages in all kinds of unfortunate ways. Obviously we want to avoid this!

    If you are currently using Wordfence on your site, and would like to switch to an alternative, we suggest you consider CloudFlare. CloudFlare includes much of the functionality of Wordfence that is not already included in our WP Engine system, without the functionality duplication and performance issues.

    https://wordpress.org/plugins/wordfence/

  2. johnblythe
    Member
    Posted 9 months ago #

    incredibly annoying indeed. just had a friend i help out move his site to WPE and i was floored that wordfence isn't allowed. it is what saved us from bruteforce attacks previously and now, even with a hodgpodge of other plugins, have attempts non stop with much less peace of mind now.

    monitor some people's excessive usage, don't ban it from all customers when most can benefit from it!

  3. theconsultant_
    Member
    Posted 9 months ago #

    I've been told you cna use cloudflare, but you'll need to check on that.

  4. WFSupport
    Member
    Plugin Author

    Posted 9 months ago #

    For some reason your link results in a 404. I think we have had this reported before. I believe it has something to do with duplicate functionality (caching). It's up to you to decide who best can host your website, and you won't ever see us in an public argument about this or degrading another company (not professional). My personal opinion is that any webhost that doesn't want you to use a security plugin mostly because they offer the same functionality instead of recommending turning it off, as we do and have many times here, isn't somewhere I'd want my site to be. I'm sorry that you have had this experience with WPE and we hope that you'll use us again should you change hosting providers in the future.

    tim

Topic Closed

This topic has been closed to new replies.

About this Plugin

  • Wordfence Security
  • Frequently Asked Questions
  • Support Threads
  • Reviews

About this Topic