Due to duplicate functionality, Wordfence is being added to the WP Engine disallowed plugins list. All versions, old and new, will be banned as of April 29th. On May 6th, we will automatically remove the plugin from all of our hosted websites including the site we are contacting you about (theconsultant). There will be no exceptions to this rule.
(To see our disallowed plugins list please visit http://wpengine.com/support/disallowed-plugins/)
While Wordfence is a popular plugin amongst our user base, there were several things that led to this decision:
The "Live Traffic" view in Wordfence has a tendency to cause database bloat on very popular sites by saving a detailed record of every visit to the database. This, in turn, slows down sites at times where performance really matters. Using a third party real-time analytics package is a better option for tracking live traffic with less performance issues.
Both the IP and country blocking features in Wordfence have, on occasion, prevented valid visitors from seeing pages. On top of that, if the page is cached on our end, the blocking features do not work and the page can still be served up.
Wordfence turns on the enforcement of strong passwords and the limiting of failed login attempts by default. These features duplicate and can interfere with functionality that we already provide as part of our core technology.
A recent version of Wordfence added an HTML page caching layer called Falcon Engine that works less effectively than our existing EverCache technology.
We politely disagree with Wordfence's claim that you can "increase your site performance by such a large margin that your site would continue to perform even under severe load conditions." There is no real way, at the software level, that you can effectively combat a DDoS attack that has saturated your network equipment. The attack never makes it to Apache or nginx because the traffic cannot even get through the router in either direction (to/from the server).
While we applaud Wordfence for taking the initiative of adding caching, without solid control over the web hosts' service configurations (memcache, varnish, nginx, etc) it is very hard to provide a robust enough caching solution using a plugin.
Because our caching layer is a feature that we already offer as a standard for our customers on every plan level, activating Falcon Engine would do nothing more than attempt to cache a cache. We have seen this break pages in all kinds of unfortunate ways. Obviously we want to avoid this!
If you are currently using Wordfence on your site, and would like to switch to an alternative, we suggest you consider CloudFlare. CloudFlare includes much of the functionality of Wordfence that is not already included in our WP Engine system, without the functionality duplication and performance issues.