Can I deactivate Wordfence on certain pages?

  • Resolved szymonfortuna

    (@szymonfortuna)


    2 years, 3 months ago

    Hi,
    I’m using Wordfence on my website as a security plugin. At the same time I’m using other tool that allows to deactivate certain plugins on particular pages. I need to do that in order to optimize page loads especially when having more plugins but not needing all of them being active on every page.

    When it comes to how Wordfence is suppose to protect my site. Should I keep it active all the time or if I deactivate it on the frontend it still will do it’s job in the background?

    Would you be able to give any feedback on that?

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Support wfpeter

    (@wfpeter)

    Hi @szymonfortuna, thanks for reaching out!

    When the Wordfence firewall is optimized, it runs before any WordPress page content is served to your visitors, including the loading of other plugins. It does this so that blocks on malicious traffic or those violating your Rate Limiting or Brute Force settings happen first.

    Your Live Traffic page may only be logging security events (our default recommended setting) but all page hits on your site are looked at, so disabling Wordfence scripts on a page-by-page basis may have unexpected or unreliable results that we’d be unable to support due to the involvement of a third-party plugin to change its behavior.

    If you’re making these changes for performance reasons, Wordfence is installed on ~5m sites and generally does so without significantly impacting performance. My recommended performance setting options are here.

    Ensure max_execution_time = 60 in php.ini, Wordfence’s scan only ever attempts to use half of this value by default. Your WP_MEMORY_LIMIT should be set to 128M or 256M in wp-config.php. WooCommerce, for example, recommend 64M minimum, so if you also have many hits on the site at once especially during a Wordfence scan, a lower limit here could be reached fairly easily. Your PHP memory_limit value could also be adjusted to 128M or 256M to accommodate this change.

    Thanks,

    Peter.

    Thread Starter szymonfortuna

    (@szymonfortuna)

    Thank you for this information. So it’s better to keep it active in the frontend.
    Just one more question. What about backend post/page edit pages. I also deactivate all plugins possible to keep the edit pages loading fast.

    Is it possible that deactivating Wordfence on those type of pages could lead into some unexpected results or glitches?

    Plugin Support wfpeter

    (@wfpeter)

    Hi @szymonfortuna, no problem at all.

    It is likely to still potentially cause problems as admin logins and changes to content by users with administrative access will still be looked at, even if no action is taken by the firewall.

    We don’t usually recommend using features like “Allowlisted IP addresses that bypass all rules” unless absolutely necessary (and the IP is definitely fixed), so I don’t think selectively disabling Wordfence on certain admin pages would be something that’d work reliably, especially if done through a third-party plugin that we wouldn’t be able to support if anything went wrong.

    Thanks,

    Peter.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Can I deactivate Wordfence on certain pages?’ is closed to new replies.