Incompatibility With WP Fastest Cache

  • Resolved Anonymous User 14978628

    (@anonymized-14978628)


    9 years ago

    Hi Paul,

    I’ve just discovered (after using the two together for some time) that the option to block remote iframes doesn’t work when WP Fastest Cache is enabled. And i think the rest of the security header options don’t work either.

    Just wondering if you were aware of this, or if you could recommend another fully compatible caching plugin? Thanks

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Paul

    (@paultgoodchild)

    9 years ago

    WP Super Cache had the same issue and I put in a slightly work around, somehow, for that.

    But here’s the thing, most of these caching plugins aren’t fit for purpose. Yep, I said it. That might upset a lot of people. I would be delighted if a caching plugin developer could sit me down and show me how they’re different. I’d happily be proven wrong.
    They’re alright, but they’re half-baked, and I haven’t seen any that properly honour HTTP Headers as well as the content.

    But to be fair, it’s not their fault. Many of our sites are dynamic. But we’re trying to squeeze dynamic pages through a page cache. And it then breaks. Some things just shouldn’t be cached.

    Page caching for dynamic sites is a risky business and it needs a lot of care and attention to cover all the bases. I use W3 Total Cache on some sites, but frankly, I only use it to push browser and assets headers and I’m gradually getting rid of it. In-fact, I rely predominantly on CloudFlare for a lot of my performance enhancements.

    You just can’t go wrong with CloudFlare. And if you have a lot of non-dynamic content sites, then you can even cache the HTML. Win.

    That’s my 2c.

    Thread Starter Anonymous User 14978628

    (@anonymized-14978628)

    9 years ago

    Hi Paul,

    After looking into this issue since my last message i realize there are a lot of problems using caching plugins and outputting security headers. But at the same time a lot of people use caching plugins to improve page load speed, so i don’t think many people would want to stop using them.

    I found a message on the support forum where someone had the same problem as me. WP Fastest Cache and WP Super Cache didn’t output security headers correctly. However, they did find that Comet Cache works.

    I’ve now installed Comet Cache and it’s outputting all the security headers correctly, including clickjacking protection.

    My suggestion would be to somewhere, either in the documentation or perhaps on the relevant section in the plugin, to let people know that security headers might not work with their caching plugin. And perhaps recommend Comet Cache as that does work.

    In my own case, i thought i was protected enabling the settings in the plugin, when in fact i was not. So without a warning, the security headers section of Shield may be giving people a false sense of security. They think it’s helping them, when it reality it isn’t because of the caching plugin they are using.

    That’s my 2c. Thanks!

    Plugin Author Paul

    (@paultgoodchild)

    9 years ago

    Cool, sounds good.

    There’s definitely a lot more I can do with documentation on many parts of the plugin – HTTP Headers is one of them! Thanks for sharing your thoughts on that.

    Good find on Comet Cache – I’ll give it a look!

Viewing 3 replies - 1 through 3 (of 3 total)

The topic ‘Incompatibility With WP Fastest Cache’ is closed to new replies.

  • 3 replies
  • 2 participants
  • Last reply from: Paul
  • Last activity: 9 years ago
  • Status: resolved