Wordfence Now a Disallowed Plugin

April 26, 2014

To make sure we are offering the best possible WordPress hosting service available and your website(s) are running as quickly and smoothly as possible, we are adding the Wordfence plugin to our disallowed plugin list due to duplicate functionality.

All versions, old and new, will be banned as of April 29th. On May 6th, we will automatically remove the plugin from all of our hosted websites. Unfortunately, there can be no exceptions.

And here is the rub as to why…

While Wordfence has been a popular plugin, there were several contributing factors that led to this decision:

1. The “Live Traffic” view in Wordfence has a tendency to cause database bloat on very popular sites by saving a detailed record of every visit to the database. This, in turn, slows down sites at times when performance really matters. If you want to track real-time visitor behaviour, a third-party real-time analytics package (Google Analytics has just this feature and it's free) is a better option for tracking live traffic with fewer performance issues.

2. Both the IP and country blocking features in Wordfence have, on occasion, prevented valid visitors from seeing pages. On top of that, if the page is cached at the server end, the blocking features do not work and the page can still be served up.

3. Wordfence turns on the enforcement of strong passwords and the limiting of failed login attempts by default. These features duplicate and can interfere with functionality that we already provide as part of the core hosting service.

4. A recent version of Wordfence added an HTML page caching layer called Falcon Engine that works less effectively than the EverCache technology installed on our server.

We politely disagree with Wordfence’s claim that you can “increase your site performance by such a large margin that your site would continue to perform even under severe load conditions.” There is no real way, at the software level, that you can effectively combat a DDoS attack that has saturated your network equipment. The attack never makes it to Apache or nginx because the traffic cannot even get through the router in either direction (to/from the server).

While we applaud Wordfence for taking the initiative of adding caching, without solid control over the web host's service configurations (memcache, varnish, nginx, etc.) it is very hard to provide a robust enough caching solution using just a plugin.

Because our caching layer is a feature that we already offer as standard for all our clients, activating Falcon Engine would do nothing more than attempt to cache a cache. We have seen this break pages in all kinds of unfortunate ways. Obviously we want to avoid this!

If you are currently using Wordfence on your site, and would like to switch to an alternative, we suggest you consider CloudFlare. CloudFlare includes much of the functionality of Wordfence that is not already included in our caching system, without the functionality duplication and performance issues.

If you would like to discuss this or any other option please give us a call on 07 3325 0505 or send a support ticket to

For those with an inquisitive mind, click here to see our entire disallowed plugins list.