Tools
The Tools page bundles every maintenance and diagnostic action the Image Proxy offers. Each card is independent — running one does not affect the others.
Purge cache
Clears every image currently held in the active cache backend.
- Click Clear cache now and confirm the prompt — the action cannot be undone.
- The success message reports how many bytes were freed.
- The next request for each image will be a cache miss and re-populate the cache.
Memcached
With the Memcached backend, Purge flushes the entire Memcached server, including data unrelated to the Image Proxy. See Cache Backends → Memcached.
Routing check
Verifies that the proxy URL pattern actually reaches PHP. With "Plain" permalinks the plugin automatically falls back to /index.php URLs — this tool tells you whether the fallback kicked in and whether the resulting URL actually works.
Click Run routing check to run a live self-fetch. The result panel reports:
| Field | Meaning |
|---|---|
| Permalink mode | The current WordPress permalink mode (pretty, plain, …) and the configured structure string. |
| Fallback active | Yes when WordPress is on Plain Permalinks and the plugin prepends /index.php to proxy URLs; otherwise No. |
| Sample proxy URL | A live example of the URL pattern visitors will hit. |
| Live response | The HTTP status returned by the self-fetch and the value of the X-Asa2-Cache response header (hit, miss, or bypass). |
| Hint | A short diagnostic message from the underlying check (e.g. "Permalinks are set to Plain — using /index.php fallback"). |
| Recommendation | Concrete next step if the check failed. |
This is the canonical instrument for diagnosing the "images don't load at all" class of problem — see Troubleshooting → Routing not working.
Test fetch
Runs one full pipeline pass against a source URL without writing to the cache and without polluting the statistics. The fastest way to prove SSRF rules and origin reachability.
Provide:
- URL — the source image to test (e.g. an Amazon CDN URL or any other host the proxy is allowed to fetch from).
- Width / Height (optional) — target dimensions for the resize step. Leave empty to skip resizing.
The result panel either shows Success with the resulting content type, dimensions, and byte count, or Failed at stage: <stage> where <stage> is one of:
| Stage | What it means |
|---|---|
security | The SecurityGuard rejected the URL (bad scheme, IP blocked, host not allowed). |
fetch | The origin returned an error, a non-success HTTP status, or no data. |
decode | The bytes came back but GD could not decode them (corrupt, unsupported format). |
success | Everything passed. |
The displayed Error code links to a matching entry in Troubleshooting.
Signing secret
Rotates the HMAC secret used to sign proxy URLs. The ASA2 template cache is flushed automatically so cached pages re-render with freshly signed URLs.
When to rotate: after copying the site from a staging environment to production (so both no longer share the same secret), or if you suspect the secret has leaked. For routine operation this button does not need to be pressed — all existing signed URLs stop working immediately on rotation.
Click Regenerate signing secret and confirm. The new secret is generated and stored immediately. Every previously emitted signed URL stops working from that moment on — by design.
After a successful rotation the screen confirms:
Signing secret rotated and ASA2 template cache flushed. Any previously signed URLs are now invalidated.
In the rare case that ASA2 Core is deactivated when you rotate, the template cache cannot be flushed and the message is:
Signing secret rotated. Any previously signed URLs are now invalidated. Note: ASA2 template cache was not flushed — clear it manually if cached pages still reference old URLs.
If a page-level cache plugin or CDN sits in front of WordPress, flush that as well — the auto-flush only covers the ASA2 template cache.
If URL signing is currently off, rotating the secret has no immediate visible effect — the new secret simply replaces the unused one.
Diagnostic report
Downloads a sanitised JSON snapshot of the plugin configuration and environment. Useful when you need to share state with support without sending screenshots of every screen.
Click Download diagnostic JSON — the file is named asa2-image-proxy-diagnostic-YYYY-MM-DD.json and contains:
- Active settings (master switch, cache mode, lifetime, URL slug, …).
- Detected PHP extensions and capability flags.
- The current routing snapshot.
- Recent error codes and counters.
Privacy
Passwords and secrets are never included. The Redis password and HMAC signing secret are stripped before the file is generated.