Your help file is out of date

  • Resolved lookingahead

    (@lookingahead)


    5 years, 12 months ago

    Hi there.

    Apparently upon new versions of your program, there’s no way to disable cookies.

    In your help file, you state that the ability to disable cookies is under ‘General Wordfence Options.’ Well, that’s not the case. The option to shut off cookies does not exist there. And with some hosting/CDN plans, that operation disables that host from being able to cache the site. Which slooooows down the site.

    So I was told to disable cookies. I used your help file. Then, I go to ‘General Wordfence Options’ in my WordFence plugin and….lol the option to disable cookies is not there.

    I even looked elsewhere in the options listed, under different headings — the option to disable cookies does not exist.

    And I tried to ‘guess’ what other option could produce the same result….to disable cookies. No idea what that would be.

    Funny thing: I upgraded this morning to the latest version. And now the only way I would be able to get Wordfence back in shape is to reinstall an older version. Because that would follow the instructions and allow me to disable cookies.

    Ultimately though, upon learning what that would do to my site….that disabling cookies would allow Admins to be treated like ‘any other user’ and get scrutinized (forbidden…???) with actions they need to take, this is incredibly disturbing. I don’t want to be restricted from performing basic Admin actions when managing the site’s files or function.

    So, a summary of my questions:

    1.) I need to disable cookies. Because it prevents my host/CDN from working. How can I do that now?

    2.) AND…is there any way, after disabling cookies, that my Admin status won’t be restricted from performing the most basic duties?

    3.) if I were to ‘downgrade’ to a previous version of Wordfence and find the option to disable cookies that corresponds with your help file……upon upgrade from the dashboard, would that setting still be set? Because I’d LIKE to have the most current version, but also need cookies shut off….and if upgrading always removes that ability to shut off cookies, then Wordfence is absolutely worthless to me…. :/

    Please let me know how to accomplish this.

    Thanks. ??

    The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)

  • Hi there,
    We don’t use cookies on the front-end anymore, that’s why we have removed the option. We’ve implemented other ways of distinguishing between bots/humans and we only keep track of admins when they are logged in.

    So you don’t have to do anything at all. I’ll make sure we update the docs asap.

    Thanks!

    • This reply was modified 5 years, 12 months ago by wfasa.
    • This reply was modified 5 years, 12 months ago by wfasa.
    Thread Starter lookingahead

    (@lookingahead)

    You’re welcome, @wfasa!

    So……..my host is still telling me you’re using cookies which is preventing my host from caching.

    Apparently SOMEHOW there is a use of cookies — you said “front end” so perhaps you’re still doing it on the backend?

    Still need to turn your use of cookies off.

    How?

    We use cookies in the WordPress admin. The WordPress admin does that itself as well. That’s how you are able to stay logged in to the WordPress admin. The WordPress admin shouldn’t be cached because that would cause all kinds of trouble. Perhaps you can ask them what the name of the cookie is that is causing the problem.

    Thread Starter lookingahead

    (@lookingahead)

    I think you either misunderstand my issue or you are attempting to not answer my question, @wfasa.

    It’s not a ‘name of a cookie’ — the hosting provider SPECIFICALLY NAMED THE WORDFENCE PLUGIN as using cookies and needing to disable its use of cookies. Not one cookie. All of YOUR use of cookies.

    Tell me how. Please.

    If there is no way to get your plugin to stop using cookies — which according to their analysis IS STILL happening — then your plugin will continue to conflict with my host.

    Your plugin.

    Your plugin’s use of cookies.

    Tell me how to stop your plugin from using cookies, please. Thank you.

    Hi @lookingahead!

    I’m not doing anything here except trying to help. Please try to keep a friendly tone.

    You’ve explained that your problem is that cookies can break cache on CDNs. I have explained that we’re not using cookies on the front-end of the site and that WordPress admin should not be cached. If you just want to know how to disable all cookies in Wordfence, the answer is that it’s not possible.

    However, I wonder if perhaps the hosting company doesn’t know that we’ve stopped using cookies on the front-end? That’s why I’m asking which specific cookie they think is causing the issue. If there is any way you can get that information I’d be happy to investigate further.

    To sum up: It’s not possible to disable cookies in Wordfence anymore but you shouldn’t need to do that because we’re not using any on the front-end of the site.

    Thread Starter lookingahead

    (@lookingahead)

    Oh hi there @wfasa

    Why do you keep telling me it’s not a problem when my host says it IS a problem?

    No, I’m not worried about being ‘friendly’ here — you’re not getting my meaning and so I have to be SUPER CLEAR. If you take offense to that that is an error on your part. I’m being exceptionally blunt in hopes that you’ll FINALLY get my meaning.

    But apparently you either are unwilling to hear what I have to say or unable to hear it. That’s bothersome. And that just draws out conversation and leads to nothing getting done.

    If you had told me from the beginning that the option no longer existed to disable cookies, not anywhere…then I could have solved my issue sooner.

    Now, I’ve wasted time trying to re-state my issue over and over again, in hopes that you’d finally ‘get’ what I’m saying. To find out if Wordfence will allow users to disable its use of cookies.

    Now, you tell me that there is not a way to disable cookies, not in any way.

    That’s not good.

    The problem isn’t WHERE Wordfence uses cookies — it’s that they use cookies at all.

    Again — this is what my host confirmed. It is not a ‘guess’ or a ‘maybe’ — and it is not a problem, lol, with a particular cookie.

    And again, I’ll state that this is a problem that Wordfence has known about for years — that’s why the helpfile I linked to at the start of this post existed. Because it was, and is, a known problem. But for some ungodly reason, Wordfence chose to take that solution away that they developed….WHY IN THE WORLD they’d do that, I have no idea.

    It’s still a problem.

    And for some reason, you’re trying to deflect blame for Wordfence un-solving a problem that the Wordfence plugin is known to cause. Just admit Wordfence made a very bad decision to take away that option for us to solve their incompatibility with managed hosting/CDN caching…and let them know to fix it, please.

    Because at this point, all you’re doing is giving me “explanations” to a problem that is not the actual problem.

    The problem is not “we disabled cookies on the front end, so all should be okay!”….the fact that you took away the ability for users to turn off your use of cookies is the problem, not, lol….the fact that cookies were used on the front end.

    It’s that Wordfence uses cookies, takes them away from the host’s/CDN’s cache system. SO that renders it inoperable.

    Front end cookies vs. back end cookies? IRRELEVANT.

    And your, lol, taking them away on the front end is not a solution; it is possibly even a detriment.

    Wordfence cannot take control of cookies over the site’s host taking control of cookies for its caching system. It’s just not gonna work. So we need to STILL have that option to shut them off.

    Capesh?

    AND HOW do I know that disabling all Wordfence cookies is STILL a valid solution….?

    Well!

    I went ahead and restored an older copy to my site; the only difference being the Wordfence plugin being from when you could still disable cookies….juuuuust like your own helpfile says to do.

    And guesssss what?

    My host no longer says that their cache is disabled because of Wordfence using cookies. Of Wordfence taking control of cookies away from my host’s cache system.

    It’s Wordfence’s issue. One they knew about for years. One that they even went so far as to write a help page for it, to have users resolve it.

    Why in the WORLD would Wordfence take away a solution from users? While not solving the problem on Wordfence’s end — the problem being that Wordfence battles with a host’s caching system, takes its use of cookies away from it…and renders that host’s caching UNABLE TO WORK AT ALL…??? This ‘cookie battle’ is a known problem, again……one that Wordfence has known about for years. It’s not like we can ‘uninstall’ these caches. We depend on them to keep our sites functional. And since I can’t uninstall my managed host/CDN’s caches, and DEPEND on them to have my site remain FUNCTIONAL…I have to either use an older copy of Wordfence where they STILL allowed us to solve the issue, lol…or upgrade to a version of Wordfence that no longer allows users to solve this issue.

    You know how super not-intelligent that is of Wordfence to have done? How incredibly non-productive, non-helpful, and non-wise it is? It renders Wordfence USELESS.

    SO for now, I’m using an old version of Wordfence. And looking at other security solutions as a result.

    Great job on castrating your own plugin. Wonderful.

    Please find a fix for this — I mean, seriously….give us back the option to disable cookies in the upcoming versions OR get your program to play nice with host caching/CDNs.

    At the very least, if you’re gonna take control of cookies away from my host and render its caching system useless, then give us a warning. Say that Wordfence is no longer compatible on managed hosting/CDN plans.

    Because it isn’t.

    And that’s the truth.

    And lol, no….Wordfence did NOT solve anything by taking cookies away from ‘the front end’…LOL omfg. It’s that Wordfence uses cookies. Period. Doesn’t matter where it uses them, because it always uses them like a greedy child. And doesn’t allow anyone else to use them.

    Fix that, and you’ll have fixed the issue Wordfence KNEW ABOUT FOR YEARS and has now no longer allowed users to rectify. LOL YOU WROTE A HELP ARTICLE ABOUT IT, hahaha…..this is NOT NEW NEWS.

    FFS.

    Moderator Marius L. J.

    (@clorith)

    Hiya,

    @lookingahead, I’ll start with a heads up, I’ve flagged your account, this means one of our moderators will need to manually approve your post before it becomes public. I’m doing this because you are walking a thin line right now, and are more likely to go off the deep end than not. Once we see that you’re behaving properly, we’ll remove this flag again.

    I had a quick look, I unfortunately do not know what your website is, or who your host is, so I can’t comment on caches functioning and so forth, but I can make a comment both as a host, and as a developer who had a quick look, and so I shall ??

    On the host level, you can actually drop non-compliant cookies before trying to do caching, this is what the majority of hosts will do, and is hopefully what your host has set up (although it sounds like they might not, based on your descriptions and explanations).

    I’m also noticing that you never make any statement about what is actually the issue, only that your host is making various claims, are you actually observing problems with your website caches? (if so, providing a link to your website is really useful for anyone looking to help you, and may warrant its own topic).

    I did also install the plugin on a test site, and I’m not seeing any cookie use on the front end when I’m not logged in, and when I am logged in, nothing should be cached any way to avoid caching private data (yes, it matters, front-end vs back-end isn’t irrelevant here ?? )

    Moderator Ipstenu (Mika Epstein)

    (@ipstenu)

    ?????? Advisor and Activist

    Speaking as a host, we often have two types of documents that warn you about cookies. One is a general “We see WordFence, it may have cookies.” and that shows up in our generic overview help docs. But also we often have tools to let you scan your site and tell if if any cookies are found on the front end.

    For example, I support the Proxy Cache Plugin (Formerly Varnish HTTP Purge) and it does both. First, it check for the cookies itself, and tells you if they’re found. Then it checks if the plugin is installed at all and says “This plugin uses cookies, which may prevent server side caching.” – note the MAY. If there’s no cookie found in the other checks then the plugin’s fine ?? It’s a notice, versus a warning.

    And WordFence is right. The front-end cookies are the ones that matter, because they’re the ones that can muck up caching for non-logged in users. It’s difficult to write things to cover all situations and permutations.

    If WordFence is telling you there are no more cookies on the front end, then it’s fine and that’s probably not a problem for you.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Your help file is out of date’ is closed to new replies.