BrenWP Cache - ChoosePlugin.com

Lightweight, privacy-friendly file-based page caching with a modern, strictly scoped WP Admin UI.

Author:	Brendigo (profile at wordpress.org)
WordPress version required:	6.0
WordPress version tested:	6.9.4
Plugin version:	1.0.1
Added to WordPress repository:	28-12-2025
Last updated:	02-01-2026
Rating, %:	0
Rated by:	0
Plugin URI:	https://brenwp.com/
Total downloads:	169
Click to start download

BrenWP Cache speeds up WordPress by serving cached HTML pages to anonymous visitors. On a cache miss, WordPress renders the page normally; BrenWP Cache captures the final HTML output and stores it as a file. On subsequent requests, the cached HTML is served early, reducing server load and improving response times.

This plugin is intentionally minimal, transparent, and WordPress.org-friendly:
* No telemetry, no tracking, no “phone home”
* No external services or dependencies
* Admin UI assets are strictly scoped to this plugin’s pages

Key features

Full-page file cache for anonymous visitors
* Caches full HTML documents for GET requests only.
* Designed for the common “public pages” scenario where most traffic is anonymous.
* Avoids caching in common non-cacheable contexts such as admin, AJAX, REST, feeds, previews, searches, and similar endpoints.

Rules to prevent caching personalized or dynamic content
* Exclude logged-in users (recommended; enabled by default).
* Exclude URLs (one per line):
– Prefix rules (e.g. /checkout)
– Wildcards (e.g. /cart*)
* Exclude by cookies (useful for ecommerce/session cookies).
* Exclude by user agent (bots, scanners, special clients).
* Bypass query parameter: when present (e.g. ?nocache=1) caching is bypassed for that request.
* Optional 404 caching (disabled by default; enable only if your 404 output is safe and static).

Tools and automation
* One-click Purge cache tool in WP Admin.
* Optional auto-purge when posts are updated (useful for content sites that publish/edit frequently).

Security and WordPress.org compliance
BrenWP Cache is built to meet WordPress.org review expectations:
* Capability checks + nonces for state-changing admin actions
* Strict sanitization/validation of input and late escaping for output
* Cache directory is constrained under wp-content/cache/brenwp-cache with path safety guards
* Cached HTML is served as a full document (not escaped) and is integrity-verified with an HMAC signature; unsigned/invalid cache is treated as a miss
* No obfuscation, no remote calls, no dangerous execution patterns

Recommended usage (important)

A full-page cache should never store private/personalized output. For best results:
* Keep “Exclude logged-in users” enabled.
* Add exclusions for dynamic endpoints such as:
– /checkout, /cart, /my-account (WooCommerce)
– Any pages that show user-specific data, pricing, currency switching, or session-based content
* If a page sets cookies or sends Cache-Control: private/no-store/no-cache, it will not be cached.

Developed by Brendigo LTD.

Privacy

BrenWP Cache does not collect personal data and does not send telemetry. Optional Preload requests only your own site URLs.
Caching is file-based on your server, stored under your WordPress content directory, and controlled by your configuration.

Screenshots
FAQ
ChangeLog

1.0.1

Added early serving support within the plugin (no drop-ins required).
Added Health tab with runtime checks (cache directory permissions, cache size, last purge, and counters).
Added Preload (WP-Cron) and Garbage Collection (WP-Cron) automation.
Added marketing query-string stripping and allowlist query parameters.
Added mobile cache variant option (separate cache key for mobile vs desktop).
Improved purge behavior and safety guards.
Admin UX: one-click global purge button and WP Admin Bar shortcut.
Privacy-safe analytics: top cached paths (path-only; no query strings) and daily cache size trend sampling (admin-only).
Security: do not cache requests with Authorization headers.
Security: Preload/Warm-cache accepts only local (same-host) URLs and uses hardened HTTP options (reject unsafe URLs; no redirects).
Cache correctness: explicitly bypass cache for core endpoints (wp-login.php, wp-json, xmlrpc.php, wp-cron.php).
Compatibility: recursive cache directory creation (wp_mkdir_p) to prevent missing cache/config on fresh installs.
Performance: cache size calculations are transient-cached to avoid frequent full disk scans.
Code quality: removed deprecated add_option() parameter usage and hardened error accounting.

1.0.0

Initial WordPress.org-ready release.
Full-page, file-based caching for anonymous visitors (GET requests).
Modern, strictly scoped WP Admin UI (hero + navigation + cards; no global admin overrides).
Rules engine for cache bypass/exclusion:
- Exclude logged-in users
- Exclude URLs (prefix, wildcard)
- Exclude by cookies and user agents
- Optional bypass query parameter
- Optional 404 caching (disabled by default)
Safety hardening:
- Capability checks + nonces for state-changing admin actions
- Input sanitization/validation and late output escaping
- Cache directory constrained to wp-content/cache/brenwp-cache with path safety guards
- Cached HTML integrity verification (HMAC signature); unsigned/invalid cache treated as miss
- Avoid caching responses that set cookies or specify no-cache/no-store/private directives
Tools:
- One-click purge
- Optional auto-purge on post updates
Uninstall cleanup removes plugin options, stats, HMAC key, and cache directory (best-effort).

Hide ChangeLog