Wordfence Now Works on WP Engine and with Load Balancers
Today we are launching a version of Wordfence containing a new feature for sites on hosting providers with read-only file systems such as WP Engine or for environments where multiple web servers are behind a load balancer. This new feature uses a MySQL storage engine for firewall attack data to protect WordPress sites in complex hosting environments.
For most sites, Wordfence uses the file system to store data about attacks. Writing attack data to the file system is the most efficient method of doing so, and if a site allows for file access, your Wordfence plugin will continue to use this method.
WP Engine’s File System Locking
One of WP Engine’s security features only allows write access to the filesystem when a WordPress administrator is logged in. When there is no active administration session, the file system is read-only. This is a great security feature to limit file changes when no authenticated user is working on the site. However it limits the ability for certain plugins to work optimally, such as Wordfence.
In cases like this where file system access is not allowed, the new Wordfence MySQL storage engine allows WP Engine users to leverage Wordfence’s unparalleled protection for WordPress.
Load Balancers are now supported
In load balanced environments, state is not maintained on individual WordPress servers. This prevents Wordfence from using a file-based storage scheme for the firewall. The new Wordfence MySQL storage engine solves this by allowing a load balanced site to maintain state across multiple web servers, using MySQL as a central storage system.
Wordfence customers can now deploy Wordfence in their load balanced environments and scale their web server cluster horizontally while benefiting from Wordfence protection for the entire installation. We have many larger customers who are very excited about this new feature.
Wordfence MySQL Storage Engine FAQ
As we are sure you have questions, we wanted to provide some answers to determine what this means for your sites.
Q: I’m not using WP Engine. What changes do I have to make?
Nothing will change, and you won’t have to change anything. Wordfence will continue to work exactly as it always has on your site. In fact, we recommend you don’t change anything. This new feature is an accommodation for complex environments only. There are no new settings that you need to adjust.
Q: I’m installing Wordfence on a site at WP Engine. What do I have to do?
Site owners do not have to change anything. Wordfence will detect your WP Engine installation and make the required configuration change to activate the MySQL storage engine for the firewall
Q: I have a site hosted behind a load balancer. What do I need to do?
In order to have the MySQL storage engine enabled in load balanced environments, a constant will need to be changed in the Wordfence environment.
To configure the WAF to use the MySQL storage engine, you would need to add define(‘WFWAF_STORAGE_ENGINE’, ‘mysqli’); to the top of your site’s wordfence-waf.php in Extended Protection mode. Our documentation details how to do this.
Q: How will this change performance of Wordfence?
There are no changes in performance for either the Wordfence firewall or scan engine. This new feature only changes how the recording of attacks are stored for sites on WP Engine or load balanced servers. Performance will not be affected.
Q: Do I have to use Wordfence Premium to use the MySQL storage engine?
The MySQL storage engine is completely free. It is available for users running Wordfence Premium and our free community customers. That means that both the free and Premium versions of Wordfence will now be supported on WP Engine.
Q: Anything else we should know?
WP Engine needs to make a change on their end once we release this version of the plugin to ensure that Wordfence is fully supported. There may be a brief delay while they make this change, so please be patient. If you are trying to enable Wordfence on WP Engine and are having trouble, please contact their support team. We are working directly with WP Engine and they are able to reach out to us in case we need to provide assistance.
If you are using a load balanced environment and need help enabling this new feature, please don’t hesitate to reach out to our support team either via our ticketing system for Premium customers, or via our public forums if you are a free customer.
We welcome your feedback about Wordfence’s MySQL storage engine and how Wordfence supports your security on WP Engine and load balanced WordPress environments.
All product names, trademarks and registered trademarks are property of their respective owners. All company, product and service names used in this post are for identification purposes only. Use of these names,trademarks and brands does not imply endorsement.