Definitely we need not only hardening security but also speeding up the site. So you may want to use IP Geo Block with a caching plugin.
This is a big challenge to make this plugin compatible with cache plugins, because they would respond the requested content without executing any PHP codes at the very beginning of WordPress core process or even before the core starts.
To achieve the demand for both security and speed, the cache plugins need to support the following requirements.
One of the most important thing for this plugin is to prevent caching an error
page where an access denied message is rendered. For this purpose, this plugin
DONOTCACHEPAGE constant and set the flag for
On a cache plugin side, one of the followings needs to be supported.
IP Geo Block provides the option “Validation timing” which kick off this plugin at an earlier phase than other typical plugins.
In correspondence with it, a cache plugin need to support the option for “deferred execution” or “late initialization” to give this plugin a chance to render an error page before the cached page is responded against the requests from blacklisted countries (or IPs).
Here’s a list of supported requirements mentioned above.
|Plugin Name||Do not cache page||Deferred execution|
|WP Fastest Cache||✓||N/A|
|WP Super Cache||✓||✓|
|W3 Total Cache||✓||✓|
|Swift Performance Lite||✓||✓|
This list shows that:
The followings are the options setting in each plugin.
A must-use plugin is a plugin that will always be activated by
default and be loaded prior to other typical plugins when you install it into
You must select
"mu-plugins" (ip-geo-block-mu.php) as Validation Timing in “Validation rule settings” section to install this plugin
as “must-use plugin”.
ip-geo-block-mu.php has following restrictions mainly because of
its execution timing which is before
after_setup_theme action hook:
drop-in.phpin your geolocation database directory.
Please refer to “Validation timing” for more details.
Well, it would not be so serious. Let’s think about WP Fastest Cache for example.
If someone requests a page where a cache hit occurs, no PHP code would be executed but static contents in the cache would be responded. In this case, this plugin has no chance to block anything.
If someone requests a page where a cache miss occurs, then WordPress would start to handle the request. In this case, this plugin would have a chance to validate the request.
So a visitor from forbidden countries sometimes gets cached contents and sometimes gets blocked. This means attack from forbedden countires would fail. As a consequence, blocking by country can still reduce the risk of infection.
WP_Object_Cache is a core class that implements an object cache. It stores all of the cache data to memory and makes them reusable within a request, but it does not make them reusable between different user agents even for the same content.
Unlike the full page cache plugins mentioned above, object cache plugins like LiteSpeed Cache on OpenLiteSpeed Web Server and Redis Object Cache using Redis make the “object” persistent. So the mechanism of persistent object cache is suitable for dynamic contents, and should be compatible with IP Geo Block.