This is a big day for us. We’ve been quietly working on a release that will fundamentally improve the amount of protection that Wordfence provides for your site and your online presence.
This evening at 8pm eastern time we released Wordfence 5.0.1 to the world. This version of Wordfence includes many fixes and improvements. You can find Wordfence 5.0.1 here, and the full ChangeLog for Wordfence 5.0.1 is available on this page.
The biggest focus for this release was performance. We realized that the best way to combat distributed denial of service attacks and many other attacks that overwhelm your site with traffic was to increase your site performance by such a large margin that your site would continue to perform even under severe load conditions.
When we started work on this release, we started from the basics and analyzed web server performance and Wordfence’s performance from the ground up. We used low level performance analysis tools that watched operating system and database performance to carefully monitor our test servers and see exactly where the bottlenecks were. We also looked at the way a web server works and found out a few surprising insights.
I’m going to share one of the most interesting things we discovered which led to a very efficient design in our new high performance caching system: Falcon Engine….
Did you know that if you have a page stored on your web server and it is stored in a deeply nested directory structure, this has a huge impact on how fast the page is served? For example the page
is going to be served much faster than
The reason for this is because most hosting environments for WordPress use .htaccess configuration files. This causes the web server (Apache being the most common one) to check if there is a .htaccess file in the directory you are accessing. But it goes further than that. The web server will also check for the existence of an .htaccess file in EVERY parent directory of the directory being accessed.
The trouble with this is that Apache generates a stat() request every time it checks for .htaccess which accesses the physical disk and that is the slowest thing you can do on a web server. You NEVER want to access physical disk if you can help it.
So in the second example above, if you hit the above document with a web request, it will cause Apache to stat() for .htaccess files in the following locations:
That is 10 disk accesses which is incredibly slow. Depending on which web server you’re using you may see more stat() activity in parent directories of your web server root.
Many caching plugins for WordPress, including the most popular ones, actually store cached versions of your web page on disk using the same directory structure as your URL structure. So in the above example if the URL looks like /this/is/the….. then that is the directory structure that will be used on disk. That means that, while they speed up your site by storing pre-rendered versions of your web page on disk, they slow it down again by forcing the web server to do a large number of stat() operations which accesses physical disk.
This is a big performance problem for WordPress because we like to use permalinks in the WordPress world which have a structure like /2014/04/20/my-new-web-page/ – and most of our pages have these deep structures.
What we did when designing Falcon Engine is we designed a new caching storage scheme that uses far fewer subdirectories, which therefore generates far less disk accesses per request and makes Falcon Engine faster than other caching plugins.
To give you an idea of how much faster Falcon Engine will make your WordPress website, I’ve created a short 5 minute video to give you a brief introduction to Falcon and show off a few benchmarks.
Falcon Engine is one of the many performance improvements we have added to Wordfence 5. Another improvement is that we cache our own configuration data in a serialized disk file to dramatically reduce the number of database queries for requests that are not cached. This provides a nice performance improvement for every request and reduces load on your database.
We have also included a PHP based caching system for site owners who aren’t able to modify their .htaccess files to enable Falcon Engine. This provides a 2 to 3 times performance improvement over plain vanilla WordPress performance.
Wordfence 5 removes the choice that site owners have historically had to make between performance and security and we provide both, combined into a single, enterprise ready, high performance security plugin for WordPress.
Mark Maunder – Wordfence Founder.