Noticed websites with Wordfence are slower.. anything that can be done?

Well I was wondering why some sites took longer on initial html part loading, and I found the cause, after disabling Wordfence plugin load speed went to usual. Question is there anything that can be optimized from Cloudflare’s end? to enjoy both security with Wordfence and speed?
I can of course contact them. Do note nevertheless I will play with the plugin settings and do further tests.

May I ask if Cloudflare’s IPs are allowed and allowlisted in the Wordfence settings? :thinking:

Furthermore, is the “CF-Connecting-IP” HTTP header option for Cloudflare in the Global Options enabled?

Use the Cloudflare “CF-Connecting-IP” HTTP header to get a visitor IP. Only use if you’re using Cloudflare.

Wordfence is fully compatible with Cloudflare, and in some configurations, Cloudflare will send the real visitor IP address to your web server using the CF-Connecting-IP HTTP header. If Cloudflare support personnel have advised you that this is the case, then enable this option in Wordfence.

Note that Cloudflare has several configurations including their own web server module that takes care of detecting the visitor IP address, so be sure to work with their technical support staff and read their documentation to determine which configuration you are using.

2 Likes

Thank you so much!!! Neither was set, I will reinstall Wordfence on my site and set those, as is easier for me to check and compare page speed differences on my own site. Will report back :wink:

By default, isn’t cached at Cloudflare.

However, could be the origin hosts/server if it’s some kind of a news site with a lot of things to load-up for the visitor, which takes the resources if there is no origin caching plugin, neither some kind of a cached HTML for the visitor.

Could be the Wordfence has some issue with determining if the visitor is “bot” or not by the IP, at least.

Nevertheles, hopefully it’s configured to “lite” or “low” resources usage.

I’d suggest trying with multiple available tools.
Keep in mind, score isn’t always the best and 100% presentation of the real-world scenario for the visitor.

May I also ask if it’s the shared hosting? :thinking:

A good way to go, yes :+1:

The thing is, from my perspective, I’m running Imunify360 on the hosting.
It does file scanning and real-time changes (malicious code, malware, etc.).
Therefrom, was using Wordfence until the moment I switched to Cloudflare.
I stopped using Wordfence, since Cloudflare does a lot to secure my Website.
Nevertheless, using different available security settings at Cloudflare dashboard (WAF Rules, Rate limiting, Bot Fight Mode, etc.), I am able to block the bad traffic and leverage Cloudflare in that particular way to lower the usage of the CPU load and other resources on the server itself which is much beneficial.
Also, on the WordPress, after, I am using the simple WP Super Cache plugin to generate the HTML documents from posts and pages which are then served to the visitors.
That way, I don’t have to bother about the CPU spikes, etc. especially on the shared hosting.
In the meantime, I switched and using the BBQ (Block Bad Queries) simple lightweight plugin, just in case, and it’s doing the job great in combination with the Cloudflare’s Turnstile on WP Login form to protect from brute-force.

So, maybe not a case for you, but I love to share this experience and insight since it might help you to decide which way to go in your case.

As you say “play with the plugin settings”, we have to dance a bit to find a solution which suits our case :slight_smile:

Please feel free to write back and dug the Cloudflare forums for more feedback :wink:

We’re here to help

2 Likes

Thank you so much and great to know and learning from others experience indeed this a a dancing trying and fixing or improving sort of dynamic.

By default, isn’t cached at Cloudflare.

Well I did create a rule for caching everything at Cloudflare, except private Wordpress pages

May I also ask if it’s the shared hosting? :thinking:

It is indeed.

The thing is, from my perspective, I’m running Imunify360 on the hosting.

You can disable it on a specific domain, so in my case is disabled since I was trying to increase the edge server cache from Cloudflare and didn’t play along with Inmunify, from their support they hinted me how to do the above, but in the end there were still problems with 20h edge cache rule so I decided to remove that rule.

Also, on the WordPress, after, I am using the simple WP Super Cache plugin to generate the HTML documents from posts and pages which are then served to the visitors.

Here using Autoptimize.

I switched and using the BBQ (Block Bad Queries) simple lightweight plugin

Thanks for sharing looking good :slight_smile:

and it’s doing the job great in combination with the Cloudflare’s Turnstile on WP Login form

In case is useful I’m using Login Lockdown plugin, and for forms Turnstile as well coupled with HTML Forms plugin.

1 Like

Ok tested in my site is now running much faster, I have to wait though learmode to finish I guess and re-test… Thank you!!!

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.