When a client's IP is Blocked by Defender, WP Rocket caches the lockout page

Here is my problem:
A lot of my clients are being IP blocked, and once I whitelist the IP addresses, WP Rocket still has the lockout page cached and they can't access their site until it is cached. This is very annoying and has been going on for months now. I've had to remove Defender from some sites (clients were not happy). :slight_frown:

  • Lindeni Mahlalela

    Hello frank_gomez,

    I hope you are doing great today and thank you for contacting us regarding this issue. I have gone through the documentation of WP Rocket and found a tutorial that shows how to exclude specific pages from cache.

    Please try this tutorial to exclude the Defender lockout page from being cached by WP Rocket.

    If excluding the url from cache is not an option especially if user is already locked, you may try the following code as a workaround to clear the cache if the user is not locked out.

    add_action('templare_redirect', 'wd_wpr_check_clear_cache' ) ;
    function wd_wpr_check_clear_cache(){
    	if ( class_exists('IP_Model') && function_exists('rocket_clean_files') ) {
    		$ip    = $this->getUserIp();
    		$model = IP_Model::findOne( array( 'ip' => $ip ) );
    		if ( ! $model->is_locked() ){
    			// create list of pages to clear in cache
    			$clear_urls = array(
    			rocket_clean_files( $clear_urls );
    	/**OR Clean a specific post
    			global $post;
    			rocket_clean_post( $post->ID );**/

    You can should add this code to your theme's functions.php file (should use child theme) or create a new .php file and add the php opening tag and paste the above code, save and upload the file to '/wp-content/mu-plugins/', so you should have a file in the location:


    with content like so:

    //paste the above code

    The code above is not final and I did not test it as I do not have the WP Rocket plugin but the code should be a solid foundation for a solution.

    In the example I have hooked to 'template_redirect' using the line:
    add_action('templare_redirect', 'wd_wpr_check_clear_cache' ) ;

    But you may also hook to 'init' which will run immediately after initializing WordPress using the line:
    add_action('init', 'wd_wpr_check_clear_cache' ) ;

    You may find more information about the functions that can be used to clear WP Rocket cache when on their functions documentation and you will also find some action hooks and filters you may find useful.

    I hope this helps. Please let us know if you need any further assistance with regards to this.

    Have a nice day.

  • frank_gomez

    What my experience is the entire site shows the defender "guy" even to new or "unblocked" users. I see it myself even though I'm whitelisted.

    I weakened all my settings closer to your defaults and haven't seen it happen since.

    Also I've set WP Rocket to clear cache every 2 - 4 hours on all of my sites.

    Clients are super pissed off when they see that guy - so I haven't amped anyone up to see if we can get him to show up again. The clients that saw it were from my most active websites.

    Some of my clients insisted that I remove defender so they are on WordFence (which I HATE).

    What we could do is use one of my wife's sites as a test and wait for it to get triggered. I could check it 3 times a day or something.

    SO I've changed the cache on this page SelfAsInstrument.me to 12 hours vs. 4 hours. AND I've amped up the lockouts to really strict with long lockout times and I've enabled WPMUDEV Support.

    Lets see if it happens again...

  • Lindeni Mahlalela

    Hello frank_gomez,

    I hope you are doing great today. Would you please update us as to what my colleague Hoang suggested. Did you contact the Rocket Cache developers about not caching 403 error pages? If yes, what was their response?

    On the website SelfAsInstrument.me, did you get any useful information that can help us resolve this?

    I am looking forward to your response.

    Have a nice day.

  • frank_gomez

    Nothing has happened recently to cause this problem.
    This is the response from WP Rocket

    "On most sites, error pages like 403s aren't normally cached. Do you know if that plugin uses a custom 403 page? If so, do you have a way to modify the template for it? If so, a DONOTCACHEPAGE constant could be placed in it to avoid this issue."

    I think we should close this ticket. I haven't seen it happen recently and I wasn't able to repeat it on SelfAsInstrument.me

Thank NAME, for their help.

Let NAME know exactly why they deserved these points.

Gift a custom amount of points.