Website security is a major concern for website owners, both large and small. This means it’s a major concern for us here at Delmarva Group, LLC and our hosting solutions. Hackers are indiscriminate. They will send their bots out to search the internet, looking for any websites with security vulnerabilities that can be exploited. Fortunately, CloudFlare, a leading content delivery network service, provides integrated security and DDoS mitigation that keep hackers from even reaching your website.
On a fairly regular basis, there are news reports of major website attacks. In 2020, there were many security breaches, including companies like LifeLock, Reddit, Instagram, Facebook, and numerous others. Consequently, many smaller businesses believe that a cost-effective solution is not available within their budget or technical expertise. CloudFlare provides both free and paid solutions.
There are three main security issues that CloudFlare can solve:
- Distributed Denial-of-Service (DDoS) – These attacks are intended to cause a machine or network resource to become unavailable to users by interrupting or suspending services of the web host connected.
- Malicious Bot Abuse – The most common types of malicious bot abuse include account takeover, fraudulent shopping cart checkouts, and content scraping.
- Shared Server – The majority of websites reside on shared web servers. If your website becomes infected with malicious code or overloaded, it will negatively impact all websites hosted on the server, potentially causing your site to become shut down.
Hardening Website Security with CloudFlare
It is important to protect your website from outside threats. CloudFlare is a comprehensive content delivery network service that protects and accelerates any website online. Once a website on the CloudFlare network, the web traffic is routed through their global network. In addition to automatically optimizing the delivery of web pages, CloudFlare’s security stands between visitors and the website.
After signing up and initially configuring CloudFlare, there are multiple security settings to review.
Basic CloudFlare Firewall Settings
- Security Level – It is a good idea to choose either the Medium or High setting. This section determines which visitors will be presented with a challenge page based on tracked behavior. Medium will challenge both moderate threats and the most threatening visitors. High will challenge any visitors that have exhibited any threatening behavior over the last 14 days.
- Access Rules – In this section, you can create individual rules for access based on an IP address, IP address range, Autonomous System Number (ASN), or Country. Options include outright blocking, challenging a visitor with a CAPTCHA, challenging with a math problem and time delay, or even whitelisting trusted IPs.
- Firewall Rules – CloudFlare Firewall Rules provides the ability to use multiple criteria to customize how traffic is examined, blocked, challenged, or allowed. The use of various fields, comparisons and compound expressions work together to provide power and flexibility.
While this is not an exhaustive list of CloudFlare security settings, they can resolve many issues for a small business website. In fact, after implementing, you may also notice that your website loads faster, which will benefit your legitimate visitors and may help improve your rank within search results.
Hackers want to gain access to your website to acquire your user data, to inject malicious code, or just to simply bring it down. Many are seeking to collect personal information for identity theft, to use your website’s resources for their own personal gain, to procure banking information, or make fraudulent transactions. Hackers are skilled and many websites are sitting ducks, being both susceptible and unprotected.
How do you harden your website security and protect against hackers? Ultimately, when a website owner wants to harden their security, there is a cost-benefit analysis to consider. There are few services that compare to CloudFlare. Simply put, CloudFlare provides exceptional website security for free, with reasonably priced upgrades. What haven’t we covered yet that is important to you? If you would like more information on how to use CloudFlare to harden your website security, or a related topic, please contact us.
We should note that all of our hosting plans include the base level of CloudFlare services.