Lookit Cache Purge for Sucuri
Sucuri’s Website Firewall caches your pages on its global edge network. That caching makes your site fast, but it also means that when you update a page, visitors may continue to see the old version for up to 2 minutes — or longer.
Sucuri’s dashboard has a „Clear Cache – Per File“ feature that lets you purge a single URL from the edge cache. But to use it, you have to leave WordPress, log into the Sucuri WAF dashboard, navigate to Performance, and paste the path manually. Meanwhile, tools like WP Rocket’s Sucuri add-on only support full-site cache clearing — the nuclear option.
Lookit® Cache Purge for Sucuri fills this gap.
A clean „🛡 Sucuri Cache Purge“ menu appears in your WordPress admin bar with two options:
- Purge This URL — clears only the page you are currently editing or viewing
- Purge Entire Site — full cache purge when you need it (with a confirmation dialog)
The plugin uses Sucuri’s documented Website Firewall API. It does not touch any other Sucuri settings — no WAF rules, no SSL, no security options. Cache purge only.
Why This Plugin Exists
Sucuri’s own dashboard can clear a single URL, but there’s no easy way to do it from inside WordPress while you’re editing content. WP Rocket’s Sucuri add-on only offers full-site purging. The official Sucuri WordPress plugin is a security tool, not a cache-clearing tool. This plugin does exactly one thing: give you a button in the WordPress admin bar to purge a URL from Sucuri’s edge cache — without leaving the editor.
Features
- Context-aware: automatically detects the URL of the post or page you are editing or viewing
- Works in both wp-admin (post editor) and on the frontend (when logged in as an administrator)
- Full-site purge option with confirmation dialog
- Built-in rate limiting: 6 purges per minute per user, to prevent accidental hammering
- Handles Sucuri’s API rate limit (HTTP 429) gracefully, with clear retry-wait messages
- Lightweight — no zone settings, no DNS, no security toggles, no bloat
- Secure — uses Sucuri’s documented API with a scoped API Key
Requirements
- A Sucuri Website Firewall (WAF) account with your site connected
- The „API Key (for plugin)“ value from your Sucuri dashboard → API → API Details
Setup
- Install and activate the plugin
- Go to Settings → Sucuri Cache Purge
- Paste your Sucuri „API Key (for plugin)“ — it looks like
32characters/32characters - Save. The 🛡 Sucuri Cache Purge menu will now appear in your admin bar
Important: Static Files Cache Differently
Sucuri caches static files — images, CSS, JS, PDFs, fonts — on its edge network for up to 72 hours, regardless of per-URL purging. If you update a stylesheet or an image, a per-URL purge will not be enough. Use „Purge Entire Site“ instead, or use versioning (?ver=1.2.3) to force browsers to fetch the new version.
Important: 2-Minute Propagation
After a successful purge, Sucuri takes up to 2 minutes to fully flush the cache across its global edge network. If you do not see your change immediately, wait two minutes and reload. This is normal Sucuri behavior, not a plugin issue.
Documentation and Support
- Full documentation: https://lookitdesign.com/software/sucuri-cache-purge/
- Support: https://lookitdesign.com/sucuri-purge-support-form/
Lookit® is a registered trademark of ZENOVA CORP. Sucuri is a trademark of its respective owner (a GoDaddy brand); this plugin is an independent integration and is not affiliated with, sponsored by, or endorsed by Sucuri.
External Services
This plugin connects to the Sucuri Website Firewall (WAF) API to purge cached pages from Sucuri’s global edge network. This connection is required for the plugin’s core function — without it, no cache purging can occur.
What the service is used for: When you trigger a purge (a single URL or the entire site), the plugin sends a request to Sucuri’s WAF API asking it to clear the relevant cache.
What data is sent, and when: A request is sent to Sucuri only when you click „Purge This URL“ or „Purge Entire Site“ in the admin bar. Each request includes:
- Your Sucuri API Key and API Secret (the combined „API Key (for plugin)“ value you enter in the plugin settings), used to authenticate the request
- For a single-URL purge: the path of the page being purged (for example,
/about/)
No data about your site’s visitors is collected or transmitted. The plugin does not send any personally identifiable information (PII).
Service endpoint: https://waf.sucuri.net/api?v2
Service provider: Sucuri (GoDaddy Media Temple, Inc. d/b/a Sucuri)
- Terms of Service: https://sucuri.net/terms/
- Privacy Policy: https://sucuri.net/privacy/
