Keep in mind that caching is one of the most important techniques available to speed your website and save resources.

If you are having caching issues on your website, here’s how you can solve your problems. As you scroll down the page, the options will become more advanced. Check if your problem was solved before moving to the next step.

1. Clear the Firewall Cache

The first thing to do is to clear the cache from Sucuri's dashboard.

2. Clear the Browser Cache

Your browser can, and probably will, cache lots of stuff in order to improve your experience, but it could be a problem sometimes. Try to clear the browser cache & cookies or access using the incognito mode.

3. Set Cache Level to “Site Caching”

Site Caching Mode As explained on the Caching Options article, with "Site Caching", the Sucuri Firewall will not cache page content for logged in users. This is the best option if you run a custom CMS, a forum like vBulletin or an eCommerce store. Cache-Control headers sent by your web server will be respected.

Most of the applications sends the right cache headers, however if you notice an issue, you can Investigate if your server is sending the right cache headers.

4. Cache Exceptions & Versioning

If you want to disable caching on specific files or directories, there's an easy way to do it without having to disable the entire cache.

Attention: Please, don’t insert high traffic pages/directories like /feed/ on the non-cache URL. Your website will be vulnerable to DDoS attacks.

We will still cache images, .css, .js, .pdf, .txt, .mp3 and a few more extensions on Sucuri's anycast network locations, regardless of the cache mode or non-cached URLs. The only way to flush/clear the cache for these is by cleaning Sucuri Firewall cache or using Versioning.

Versioning is nothing more than adding a query string such as "?ver=123.1" and incrementing (such as ?ver=123.2) on each update so you can see the updates as expected. It is very useful during development.

5. Disable Compression

In rare cases, the compression on the Firewall side can conflict with the compression on the server side. Disabling the compression on the Firewall side could help on these cases.

6. Cron Job

If you got there, you are probably wondering what you did wrong. Don’t worry, Sucuri heroes created an API to help you.

Login to the Firewall dashboard and then go to API -> API Details. There you will see a Clear Cache (CloudProxy API v1) button, copy the link of the button and create a Cron Job on your server to access the URL every X minutes/hours you like.

Let’s say you want to clear the cache every 6 hours, so your Cron Job will look like this:

0 */6 * * * curl "" >/dev/null 2>&1

Don’t copy this example without changing your api_key and api_secret. Both of them are available on the Firewall dashboard, menu API -> API Details. If you copied the link of the button mentioned previously, you just need to replace the URL between "" (quotation marks).

You can generate the Cron Job syntax online:

If you don’t know how to setup a Cron Job on your server, you can learn from the following links:

ATTENTION: You shouldn't clear the cache twice in a row (with a two minutes window) because subsequent requests in a short period of time will be ignored. Cache is very important, so we don’t recommend setting the Cron Job to run every hour. If you do that, it can slow down your site.

If you don’t know how to do this, please open a General Support Request. Your case will be assigned by a trained support agent that will access your server and configure the Cron Job for you.

7. WebHook

You don’t want to use Cron Job and none of the previous options has resolved your issue. Okey-dokey, let’s try a WebHooks.

If you are on WordPress, install and activate Code Snippets plugin.

  1. Go to Snippets -> Add New on your WordPress admin.
  2. On Name (short title) field, insert "Sucuri Clear Cache”;
  3. On the Code field, insert the code below:
  4. Between the '' (apostrophes) of $key and $secret, insert your API Key and API Secret, available on the Firewall dashboard, menu API -> API Details;
  5. Press Save Changes and Activate.

Sucuri Clear Cache Snippet

If you are on any other platform, we don’t have a ready code for you, but the logic is basically the same as the WordPress code:

  1. Function that recognize changes on the website, like an post update;
  2. GET request to the Clear Cache URL from API;

You should speak with your developer to generate this code for you.

8. Microcaching (Max Age)

If you don’t mind to have an quick delay between the updates of your website dynamic pages, set the Cache Level on “Site Caching” and then put those lines on your .htaccess file:

# BEGIN Cache-Control Headers for Dynamic Requests
    <ifModule mod_headers.c>
        <filesMatch "\.(x?html?|php)$">
            Header set Cache-Control "public, max-age=120"
# END Cache-Control Headers for Dynamic Requests

If you don’t know how to do this, please open a General Support Request. Your case will be assigned by a trained support agent that will access your server and configure the .htaccess file for you.

For NGINX servers, you should speak with your hosting provider to convert those .htaccess lines to NGINX rules.

9. Static Cookieless Sub-domain

Sometimes you may need to avoid static files cache, even with Versioning. Since static files, such as CSS, JS and images, don’t make use of cookies, you can create a new sub-domain, only to serve static content without cookies and cache. There a couple always to do it and you can also make use of a CDN, but as It is a bit tricky to set up, so we’ll not explain this here. Please, search for “how to set up a cookieless sub-domain” on the main search engines and you’ll be able to do it on your own.

10. Disable the Cache

This option must be the last one and should always be avoid.

With the "Disabled" option selected as the Cache Level, the Sucuri Firewall will continue to cache static files such as images, .swf, .css, .js, .pdf, .txt, .mp3, .mp4 and fonts. Keep in mind that if your web servers instructs otherwise, like "Cache-Control: public, max-age=XXX" the Firewall will follow the instruction and cache for that XXX seconds.

DON’T FORGET: Static files will always be cached by our Firewall, unless you use “Versioning” as explained on 4º step. Another option is to use a sub-domain for the static files, but it is an advanced technique and should be configured by a hired specialist.