savvii/warpdrive

This plugin manages various features used by Savvii

Maintainers

Details

github.com/Savvii/warpdrive

Source

Issues

Installs: 5 238

Dependents: 0

Suggesters: 0

Security: 0

Stars: 6

Watchers: 11

Forks: 3

Open Issues: 3

Type:wordpress-plugin

2.10.7 2021-10-26 09:10 UTC

Requires (Dev)

GPL-3.0-only 8c7298726f975bc0f7d931109dfbbb92d7b84221

This package is auto-updated.

Last update: 2024-04-21 18:11:01 UTC

README

This plugin adds several speed and security related features to your WordPress website on the Savvii hosting platform. We welcome contributions, see the section on contributing for more information.

Support

For plugin support, use our knowledge base. For development support, please look over the CONTRIBUTING.md before raising an issue here on github.

Features

Cache flusher

The cache flusher flushes the enabled/available caches (Varnish, Memcached, OpCache and/or Sucuri) when certain changes are saved in WordPress. Depending on the users caching setting this module will flush the varnish cache in different ways. You can choose between flushing the cache on "(custom) post/page edit or publish" and "all post/page edit or publish, comment changes, attachment changes". If your site is having heavy traffic we recommend you to choose the "(custom) post/page edit or publish" option to minimize cache flushes. This way individual objects will age away in the cache to minimize the strain on the webserver. If you want the cache to flush immediately every time you update a post/comment/attachment in WordPress you can choose "all post/page edit or publish, comment changes, attachment changes". Only (custom) post/page, comment changes and attachment changes will flush the cache on save or publish.

Flush on demand

The full page cache can be flushed from another plugin by using:

do_action( 'warpdrive_cache_flush' ); // This will flush the entire cache
do_action( 'warpdrive_domain_flush' ); // This will only flush the cache of the current domain

Read logs

From within WordPress on the Warpdrive dashboard there are links to see the last 10/100 entries in the access or error log entries.

Security

All login attempts, succesful and failed, are logged to syslog using LOG_AUTH. The same format as sshd is used for messages:

Apr 30 17:39:11 vvv warpdrive[5759]: Authentication success for author from 192.168.50.1
Apr 30 17:39:24 vvv warpdrive[5759]: Authentication success for warp from 192.168.50.1
Apr 30 17:39:52 vvv warpdrive[5759]: Authentication failure for admin from 192.168.50.1
Apr 30 17:40:08 vvv warpdrive[5758]: Authentication failure for admin from 192.168.50.1
Apr 30 17:40:25 vvv warpdrive[5758]: Blocked author enumeration from 192.168.50.1
Apr 30 17:40:38 vvv warpdrive[5759]: Blocked author enumeration from 192.168.50.1

A different part this module is to prevent leaking sensitive account information. Author enumeration is blocked and logged. Login attempts with wrong credentials won't give information about valid usernames, a generic message is shown on unknown username and on correct username but wrong password. We do not log any passwords.

Contributing

For contributing information refer to the CONTRIBUTING.md.