The foundation for security on my WordPress websites is CloudFlare and Wordfence.
Read on to see why this level of security is important, and to see how easy it is to implement.
Before I start, you should understand that CloudFlare works on any website, not just WordPress sites. However, you should discuss it with your website hosting partner, before you signup with CloudFlare. Your web server setup will probably need tweaking to maintain your server log IP addresses properly. With WordPress, there is a plugin to handle some of this, but if you rely on server statistics, contact your host first. CloudFlare has a hosting partner program, whereby web hosting companies can integrate CloudFlare into their control panel service.
I’m currently reviewing CloudFlare Hosting Partners. They have an extensive list on their website. However, the list includes some companies I have found unreliable in the past. Let me know your views if you currently use a CloudFlare accredited website host.
CloudFlare is both a speed and security tool. I look at speed issues in other articles. For now, let’s focus on security.
CloudFlare Security operates globally, locally, and communally. And Shrewdies Managed Website Security adds another level.
At the global level, CloudFlare monitors millions of IP addresses to identify network attacks. It can challenge suspicious behavior, and block persistent offenders. It’s important to be aware that this happens before bad traffic hits your website. Because CloudFlare intercepts all traffic to your website, it is protected without using any local resources. Like living in a gated community, the bad guys never get near your property. CloudFlare constantly monitors the good guys, to ensure that responsible search engines, social media, and similar allies are never blocked.
At local level, you can easily block known bad IP addresses, and challenge suspicious addresses. To ensure you never block yourself, or important visitors, it’s important to whitelist all user IP addresses, performance monitors, and other services that you authorize.
Within the CloudFlare community, your assessment of IP addresses is used collectively. You make the CloudFlare system smarter, and you benefit from all other users IP address reporting. The more you use CloudFlare, the stronger it gets.
Bear in mind that you have to find time to monitor and report IP address infringements. Usually, a couple of hours a week are all that’s required. However, during severe global security attacks, monitoring time can rise significantly. If you’d rather spend that time growing your business, Shrewdies hosting includes CloudFlare Security Auditing and Management. All ShrewdSites are protected by my Group CloudFlare Account. You do not need to worry. I challenge threats wherever they are identified, and block serious threats. I monitor and whitelist all authorized users. I manage your CloudFlare Security, so you can manage Your Business.
For new threats, Wordfence Security keeps out all the bad guys. Wordfence also runs regular security scans to identify potential weaknesses. The biggest weaknesses in WordPress are poorly managed users. Wordfence checks include:
- Outdated Core, Plugins, and Themes
- Weak passwords
- File tampering
- Malware injections
With a massive user base, and dedicated support team, Wordfence is continuously identifying and blocking new threats. It’s the ideal companion to CloudFlare. We can challenge visitors from compromised countries or networks. We can block persistent offenders completely.
There are many other aspects to WordPress Security. Search for them in the search box near the top of the screen. All the features of my WordPress Security Services rely on this strong foundation. CloudFlare and Wordfence is absolutely the best starting point for WordPress Security.