[WP Cerber] WordPress Plugins and Themes with Known Issues Doc Update

[jazzsequence]

Re: WordPress Plugins and Themes with Known Issues

Priority: Medium

Issue Description:

WP Cerber Security plugin is incompatible with Pantheon edge caching.

WP Cerber creates session-like cookies that are so unique that even using the STYXKEY_ prefix invalidates cache (or, actually, just makes a lot of cache buckets of one). It's unclear what this is trying to do, but, as reported in community slack, this is a thing that is an issue on other hosts as well.

The plugin's wordpress.org page has been closed for 2 years for a "security issue" and the plugin is no longer able to be downloaded, however a community member was able to find a workaround. In her words:

So, to make WP Cerber compatible with Siteground’s caching system, you need to disable “Protect comment form with bot detection engine” and “Protect all forms on the website with bot detection engine” in the anti-spam settings. I disabled those settings, cleared the site cache, reloaded the page a couple of times in incognito mode and finally got a cache hit!

Suggested Resolution

Update WP Plugins with Known issues to advise against using WP Cerber for the above reasons, but if users are going to use it, provide the above workaround.

Also add this to the compatibility layer in the Pantheon MU plugin https://github.com/pantheon-systems/pantheon-mu-plugin/issues/52

[jazzsequence]

Confirmed that these settings make a site uncacheable. Specifically the following:

• cerber-antispam[botsany]
• cerber-antispam[botscomm]
• cerber-antispam[botsreg]