coreSecurity & Cache Plugins

How Cache plugins work

Most cache plugins (including popular WP Super Cache, W3 Total Cache, WP Rocket…) are caching the full page response as HTML, and store that static HTML to load it later, bypassing WordPress loading and request processing to speed up the response time by serving content that is rendered and cached.

That means, that for some requests coming to the website, if there is a cached HTML matching the request, that HTML will be served, and WordPress is not loaded. That means, that plugins running inside the WordPress will not be loaded or used for such requests.

When a specific cached request or whole cache is cleared, the cache plugin will again generate cache the next time a request is made, and to generate cache, the full WordPress process and all the plugins will be executed.

coreSecurity and Cache

coreSecurity is a WordPress plugin, and it works inside the WordPress normal processing, and it depends on WordPress loading and running to work. That means, that if the cached page is served, WordPress doesn’t load, and with that coreSecurity plugin doesn’t load.

If a user visits a page before the page is cached (or after the cache is cleared), the WordPress loads, and coreSecurity will run as it would normally do.

Affected Features and Solutions

While the cache can affect some of the features, coreActivity has alternatives you can consider when setting up the plugin


Some tweaks that deal with HTTP headers will be affected, because cached HTML responses don’t include HTTP headers. Most of these header related tweaks have .HTACCESS equivalents.


The first line of defence of the website is the Firewall, and coreActivity has a Firewall feature, and alternative Firewall implement through .HTACCESS file.

To learn more about the Firewall, how to set it up as a standalone feature or via .HTACCESS, and pros and cons of both methods, check out Setting up Firewall.

IP Banning

After the IP is banned, and stored in the database (no matter the ban reason), we need to ensure that any time request is sent from the IP, it gets stopped, and 403 error is returned.

To learn more on how to set this, and which method of deny access is better, check out the Setting up IP Banning.

Security Headers

coreSecurity has 3 features that deal with the security headers, and they are essential part of the website security.

To learn more on how to set up the headers, and which method for adding them is the best, check out this Setting up Security Headers.

Other plugin features and cache

No other features are affected by cache. All other features are dealing with the data from user input (login, registration, form submissions) and all of these will always require WordPress processing, and the responses to such requests are not cached.

Rate this article

You are not allowed to rate this post.

Leave a Comment