A lot of people like to use WordPress because of the ease of use.  However when it comes to high traffic websites and the need for caching, every cookie, and header is important to ensure that pages properly cache.  We like to use Varnish to help our customers increase their hit rates without the need to throw extra hardware at the problem.

One of the issues I’ve seen is that when a customer enables the Wordfence plugin on their website the server load goes through the roof during what should be normal times of the day.

I’ve tracked this down to two things happening, first we always disable the WordPress auto cron and put in a cronjob to schedule running periodically.  We don’t want the system to attempt do rescan or check files too frequently.

You’ll want to edit your wp-config.php file and add the following line:

define('DISABLE_WP_CRON', true);

I usually add it just before the Authentication Unique Keys section.

Then add a cronjob to run the wp-cron every 5 minutes:

*/5 * * * * (cd /home/user/public_html/; php -q wp-cron.php) > /dev/null 2>&1

Second problem is page caching.  Wordfence drops a cookie wfvt_* that will break Varnish and other caches.

HTTP/1.1 200 OK
X-Cache: MISS
Content-Type: text/html; charset=UTF-8
Set-Cookie: wfvt_2442190386=5a76b47112a1c; expires=Sun, 04-Feb-2018 07:51:21 GMT; Max-Age=1800; path=/; HttpOnly
Connection: close
Age: 0
Date: Sun, 04 Feb 2018 07:21:20 GMT
Accept-Ranges: bytes
Transfer-Encoding: Identity

You’ll see it above in this example header.  The wfvt cookie dropped by WordPress when Wordfence is enabled, causes a cache miss each time a page is requested.

The main use of this cookie is for providing real time info of who is on the website.  If you have Google Analytics, you’ve already got the ability to see realtime traffic, so we disable Live  Traffic feature which removes that cookie and allows Varnish to cache pages.

Log into your WordPress Admin

Go to Wordfence Plugin > Tools > Live Traffic > Live Traffic Options

Then uncheck “This option enables live traffic logging

That should disable live traffic while leaving all the rest of your features enabled.

Making both of these changes will help you get higher cache rates and allowing you to scale their WordPress website successfully.