WP Rocket

Hi Marty,

I’ll ask the dev who did the reporting/testing with WP Rocket to see if there is anything special that is required. I know that with other caching plugins, the problem is with page caching. Blackhole uses WP init hook to check requests. But when pages are cached, WP/hooks generally are not called, so plugins like Blackhole cannot do their work.

Okay so it turns out that WP Rocket’s page caching and Blackhole are incompatible. All other WP Rocket features work fine with Blackhole. I have updated the compatibility list accordingly. Thank you for reporting this, and apologies for any inconvenience.

Thanks for sharing that information. I believe I’ve already explained several times now why page caching (like with WP Rocket) is incompatible with Blackhole; here it is again just in case:

“There are many types of cache plugins. They provide all sorts of different caching mechanisms and features. All caching features work great with Blackhole except for “page caching”. With page caching, the required init hook may not be fired, which means that plugins like Blackhole for Bad Bots are not able to check the request to see if it should be blocked. Fortunately, two of the most popular caching plugins provide settings that enable full compatibility with Blackhole.”

This is taken from: https://plugin-planet.com/blackhole-pro-cache-plugins/

So it’s not about the hidden link, but rather about the fact that the Blackhole script does not have a way to check the request when page caching is enabled. Because PHP/MySQL is not available when the plugin is serving static HTML copies of your WP pages. So there is no way to check each request to see whether or not it should be blocked. Think of it this way: WordPress plugins do not work when WordPress is not available; and when you use page caching, that’s essentially the case.

As for WP Super Cache, all I am liberty to say is that it has been tested and confirmed to be compatible when “Late init” is enabled.

Absolutely it is helpful and appreciated. Just want to make sure that everyone is on the same page with the underlying issue. I am keeping my eyes and ears open for any possible solutions for page-cache plugins like WP Rocket that don’t provide any sort of “late init” functionality (like WP Super Cache, W3 Total Cache, et al).

Great idea but no, both the PHP script and WP plugin rely on dynamically checking the incoming request (whether it should be blocked or not). Just not possible when PHP is not available (i.e., PHP functionality requires PHP in order to work).

In general, it’s best to handle traffic at the server level; that prevents resources from being used for PHP, MySQL, etc.

That’s the biggest drawback of using Blackhole as you have to sacrifice site speed for security.

Only if your site is slow and requires a page-caching plugin. Also the converse could be argued: the biggest drawback of page caching is that it renders many plugins useless.

I couldn’t find a Blackhole in the source on PerishablePress. Are you using Blackhole on your website? It seems quite odd not to be using your own plugin!

I handcraft my site security based on context and traffic. If you browse thru the Perishable Press archives, you will find that I’ve developed hundreds of security plugins and techniques over the past 12+ years. It would be unnecessary and silly to implement all of them on any one site.

Yeah tell me about it. I wish page caching plugins were never necessary. In any case, when you ask if it’s “feasible for Blackhole to work without php being required”, you essentially are asking if it is possible to dynamically block bad bots using static HTML content (which is what is generated by page caching plugins). And as discussed previously, the answer to that question is “no”, not possible. HTML is static, which means it displays content and that’s it. For anything dynamic, like checking for bad bots, you need PHP or some other scripting or programming language.