Hi @ericr23,
As a general answer, the order matters, but in your specific case, check things for a while and if you notice something wrong, let us know and we’ll have a closer look.
Thank you, Alin. It didn’t seem to affect things. I changed the order to “WPSuperCache”, “WordPress”, “Wordfence WAF”, and that didn’t seem to affect things, either.
Hey!
Thank you for letting me know. It’s good to hear that changing the order of the code blocks in the .htaccess file didn’t seem to affect your site’s performance or security.
In general, it’s best to follow the recommended order for code blocks in the .htaccess file. However, it’s also important to test and verify any changes you make to ensure that they don’t cause any issues or conflicts on your site.
Overall, it’s great that you’re taking steps to optimize your site’s performance, and we hope that your caching setup including WP Super Cache continues to work well for you.
If you have any further questions or concerns, please don’t hesitate to ask. We’re always here to help.
Be careful, since Wordfence doesn’t work WITH ANY Caching plugin enabled.
So you think WF protects you but it doesn’t.
-
This reply was modified 1 year, 4 months ago by dimal. Reason: typo
Wordfence appears to be working fine.
@ericr23 “appears”. Correct. Check the live ALL traffic and you will see a page visit doesn’t show AFTER been cached.
Hello there,
Although this thread has been marked as resolved, please don’t hesitate to open a new thread if you continue to experience issues with WP Super Cache.
Thank you!
@alinclamba Thank you. But this is NOT an issue of WPSC but of various SECURITY plugins that do NOT warn users that if caching is used, they are probably UNPROTECTED.
Hi @dimalifragis,
Thanks for your feedback. Our team will discuss the possibility of showing a notice when a security plugin is active. You may also want to raise this concern on the support forum for the security plugin itself.
Thanks,
It appears that to allow Wordfence (in “extended protection” mode) to act first, WP Super Cache has to be “simple” mode and “late init” has to be turned on.
Exactly. Simple Mode=PHP mode and Late Init=serve the cached page AFTER WordPress is loaded.
My previous caching plugin (Comet Cache) “hooks” very very early, as the developers say, so it doesn’t work right.
I explain that for people that may need to understand why.
Still, this is an issue of Wordfence and not of WPSC.
Great discussion, all – and thanks in particular to @dimalifragis for suggesting simple mode as a way to let WordFence run first.
I just wanted to chime in with a few points to consider:
When WPSC is running in Expert mode, it configures your webserver to serve static HTML files directly from the cache without executing any WordPress PHP code. (That’s why Wordfence doesn’t get a chance to run first).
I don’t think that’s necessarily a conflict. While WordFence may block some traffic to prevent attacks, serving static HTML at this stage means your site isn’t vulnerable to attack, as no dynamic content or PHP code is being executed.
If WordFence is blocking traffic from specific IP addresses to mitigate DDoS attacks, serving static HTML content for a page is likely even faster and lighter on server resources than running enough PHP code to filter the request.
That doesn’t solve the traffic reports issue, so if you rely on the traffic report from Wordfence, I’d recommend leaving WP Super Cache in simple mode as @dimalifragis suggests.
Very good points. I was going to think through that, so many thanks. And the server itself should provide protection against DDoS attacks.
Then maybe 404 shouldn’t be cached?
That sounds like a good idea.