Server Load Caused By Wordfence WAF – Extended Mode

  • Resolved consultant1027

    (@consultant1027)


    4 years, 9 months ago

    Wondering if anyone has done any before/after CPU/Memory load comparisons between not having Wordfence WAF active and having it active in Extended Mode? Was there a big difference?

    What specifically does Extended Mode change in the .htaccess file?

    I believe the extended mode uses a waf script in the root directory not the theme’s directory. When you disable the WAF or deactivate the plugin does it back out the .htaccess changes or do you need to go disable extended mode first?

Viewing 3 replies - 1 through 3 (of 3 total)

  • Hey @consultant1027,

    What type of server load issues are you experiencing?

    When you first install Wordfence it loads as any other plugin. Once you enter Extended Protection it will load before any other scripts to be able to properly detect any issues. It does this by using the PHP auto_prepend function. This code is added to either your user.ini or php.ini depending on your server configuration. The code that’s added to the htaccess simply blocks external access to the files since they contain sensitive server path information. The article below explains more about this.

    https://www.wordfence.com/help/firewall/optimizing-the-firewall/#basic-wordpress-protection-vs-extended-protection

    Please let me know if you have any other questions.

    Thanks,

    Gerroald

    Thread Starter consultant1027

    (@consultant1027)

    I made no mention of having server load issue. Was just wondering if anyone did any before and after benchmarking to see the difference. I am using the Extended Mode.

    Hey @consultant1027,

    I understand. I haven’t tested this, nor am I aware of any difference. the Extended Protection mode simply means that now the code will be loaded before all other code to better identify issues. The plugin first enters as Basic Protection because before it’s installed it has no way to determine the paths to the user.ini/php.ini which will contain the wordfence-waf.php, which includes the auto_prepend function to ensure the code is loading first.

    Please let us know if anything comes up, or you have any other questions.

    Thanks,

    Gerroald

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Server Load Caused By Wordfence WAF – Extended Mode’ is closed to new replies.