Version 6.2.1 of Wordfence was just released and you may have noticed in the changelog that we’ve announced that we will be removing Falcon from Wordfence. I thought I’d go into some detail about why we made this decision.
When we launched Falcon, the caching feature that is part of Wordfence, it was a ground breaking caching engine that was faster than any cache available for certain user configurations. But caching is a complex beast and we have learned a lot during the past few years. When Falcon launched, we were just a team of two people. Wordfence is now a team of 23 people and our area of specialization is high performance security. Not caching.
During the past few months we have been working with hosting providers and what we’ve learned is that, for certain hosting provider configurations, Falcon cache actually can slow things down slightly and it’s preferable for the customer to instead rely on a much faster front-end cache that the host provides. The reason for this is because some hosts use slow local disk for their WordPress hosting but use very fast front-end caches. In those configurations, Falcon generates unwanted disk IO trying to outperform the front end cache, which it will never do.
Some of the hosting providers we’ve worked with have told us that they want the awesome security that Wordfence provides, but they don’t want users to slow down their customer sites by enabling Falcon. Remember, this only applies to certain hosts. But this is one of the reasons we have chosen to remove the feature.
The second, and main reason is that Wordfence is really all about security. It’s what we know and what we’re incredibly good at. We have a sizable team now of forensic experts, analysts, senior developers, operations people and customer service experts and we’re all completely focused on securing WordPress websites. We’d like to stay 100% focused on that and not be distracted by trying to support a feature that is outside our area of focus.
And so with that in mind, we’d like to announce that Wordfence 6.2.1, released yesterday, is phasing out Falcon cache. For this release, if you’re using Falcon, you will receive a notice that you should manually disable it. If you don’t have Falcon enabled or have a newly installed Wordfence installation, you will notice that the Falcon menu has been removed for you.
Our QA team has worked through many scenarios to ensure that this transition is painless for the relatively small percentage of users using Falcon. An upcoming release will disable Falcon and remove the feature if you haven’t already manually disabled Falcon. We recommend that you remove it manually because an attended installation is always safer than having things happen automatically.
We currently have no timeline for when Falcon will be completely removed, but it will be relatively soon and we recommend you take action now. We won’t completely remove Falcon for at least another 4 weeks.
If you’re looking for a replacement WordPress caching plugin, you can find a few recommendations with benchmarks on this page. But I strongly recommend you first consult your hosting provider because what we’ve found is that in some cases, it’s better to rely on the caching that your host already provides.
Going forward, Wordfence will be 100% focused on security and in particular providing the best firewall and malware scanner available for WordPress.
Minor update: As a helpful user on reddit pointed out, it’s unclear in the post above if we’re also removing the ‘basic’ cache. Yes, we’re removing what we refer to as ‘Falcon’ cache which is the .htaccess based caching engine and we’re also removing the ‘Basic’ cache which is the PHP based caching engine. If that’s not clear or if you have any more questions, please post in the comments. Thanks. ~Mark.