Our customers install the CrowdHandler plugin to withstand heavy traffic. Unsurprisingly, the same customers often install caching plugins to speed up their websites. Unfortunately there can be a conflict between the two, and caching plugins and cloud services can interfere with CrowdHandler’s ability to offload and return users to your site fairly.
Unless you understand the dynamics of your caching system very well, we recommend disabling caching plugins and cloud caching services when using CrowdHandler. Users have reported issues using our WordPress plugin with:
- Kinsta
- NitroPack
- LiteSpeed cache
- CloudFlare (when set to cache pages, not just assets)
There are many caching plugins and services available for WordPress and others, not listed above, could cause issues. Whilst CrowdHandler acts as a ‘good citizen’ and sets the correct standards-based cache headers to assist third party services, these are not always respected as some plugins seek to maximise caching behavior by overriding standards.
Cloud-based services may be particularly susceptible to this issue, because the caching behavior is implemented outside WordPress, and can not be overridden by our plugin.
Note: We are unable to troubleshoot configuration issues caused by plugin incompatibilities and third-party services. If you are negatively impacted by caching behavior, and are unable to resolve caching issues by disabling plugins, consider disabling the WordPress plugin and using our JavaScript instead. The JavaScript plays well with caching systems, and the combination of well-cached pages, and JavaScript can be effective in reducing load on Wordpress sites.
What’s the problem?
Our Wordpress Plugin checks the user’s cookie with the CrowdHandler API and redirects the user to the waiting room if they need to wait. Caching plugins can cache the cookie and/or the redirect. This means that users can come back to the site from the waiting room but be sent back, because the caching plugin has cached another user’s cookie or redirect. This will result in users being sent to the waiting room multiple times, and with a seeming randomness relating to whether the user gets through or not.
Can I confirm if my site has this issue?
If you think your site is experiencing this problem, or want to test for this possibility, there is a simple test you can run in a terminal window.
Run:
curl -I https://yourdomain.com/some-protected-url
You should see the CrowdHandler headers come back from your page, including the crowdhandler cookie. If you do not see the headers at all, but you do see some type of cache: hit header, this indicates you are viewing a cached page, and the CrowdHandler plugin is not being invoked. If you do see the headers and cookie then repeat the request quickly. If the same cookie comes back (identical value), it is being cached.
What should I do?
- Disable caching plugins and services and repeat the test. If you start to see a new cookie each time, the issue is resolved. (it may take some time for caches to expire before you see the fix)
- If you’re unable to disable caching services, switch the implementation method to JavaScript in the CrowdHandler Admin panel, ensure our JavaScript is installed on your site, and disable the WordPress plugin. The JavaScript integration sets and retrieves cookies and redirects in JavaScript, and is not susceptible to these being cached. In this case, caching is good. If your caching plugins are working well, your landing pages should serve fast and the JavaScript will offload the user before they interact with non-cached pages, causing high load.
- If CrowdHandler is protecting only un-cached URLs then it will not be susceptible to this issue, so you could try reducing the URL coverage of your waiting room to URLs that are not cached.
- If the caching layer causing the problem is Cloudflare, you should probably be using our Cloudflare edge worker instead of the Wordpress Plugin. Set up the edge worker, and disable the Wordpress plugin. If you are using our Cloudflare edge worker, with a Wordpress backend, we recommend raising a support ticket with us so that we can install wordpress url exclusions on your account.