WordPress Security Foundation

WordPress Security Foundation image

The foundation for security on my WordPress websites is CloudFlare and Wordfence.

Read on to see why this level of security is important, and to see how easy it is to implement.

Before I start, you should understand that CloudFlare works on any website, not just WordPress sites. However, you should discuss it with your website hosting partner, before you signup with CloudFlare. Your web server setup will probably need tweaking to maintain your server log IP addresses properly. With WordPress, there is a plugin to handle some of this, but if you rely on server statistics, contact your host first. CloudFlare has a hosting partner program, whereby web hosting companies can integrate CloudFlare into their control panel service.

I’m currently reviewing CloudFlare Hosting Partners. They have an extensive list on their website. However, the list includes some companies I have found unreliable in the past. Let me know your views if you currently use a CloudFlare accredited website host.

CloudFlare Security

CloudFlare is both a speed and security tool. I look at speed issues in other articles. For now, let’s focus on security.

CloudFlare Security operates globally, locally, and communally. And Shrewdies Managed Website Security adds another level.

At the global level, CloudFlare monitors millions of IP addresses to identify network attacks. It can challenge suspicious behavior, and block persistent offenders. It’s important to be aware that this happens before bad traffic hits your website. Because CloudFlare intercepts all traffic to your website, it is protected without using any local resources. Like living in a gated community, the bad guys never get near your property. CloudFlare constantly monitors the good guys, to ensure that responsible search engines, social media, and similar allies are never blocked.

At local level, you can easily block known bad IP addresses, and challenge suspicious addresses. To ensure you never block yourself, or important visitors, it’s important to whitelist all user IP addresses, performance monitors, and other services that you authorize.

Within the CloudFlare community, your assessment of IP addresses is used collectively. You make the CloudFlare system smarter, and you benefit from all other users IP address reporting. The more you use CloudFlare, the stronger it gets.

Bear in mind that you have to find time to monitor and report IP address infringements. Usually, a couple of hours a week are all that’s required. However, during severe global security attacks, monitoring time can rise significantly. If you’d rather spend that time growing your business, Shrewdies hosting includes CloudFlare Security Auditing and Management. All ShrewdSites are protected by my Group CloudFlare Account. You do not need to worry. I challenge threats wherever they are identified, and block serious threats. I monitor and whitelist all authorized users. I manage your CloudFlare Security, so you can manage Your Business.

WordPress Security Foundation image

Wordfence Security

For new threats, Wordfence Security keeps out all the bad guys. Wordfence also runs regular security scans to identify potential weaknesses. The biggest weaknesses in WordPress are poorly managed users. Wordfence checks include:

  • Outdated Core, Plugins, and Themes
  • Weak passwords
  • File tampering
  • Malware injections

With a massive user base, and dedicated support team, Wordfence is continuously identifying and blocking new threats. It’s the ideal companion to CloudFlare. We can challenge visitors from compromised countries or networks. We can block persistent offenders completely.

There are many other aspects to WordPress Security. Search for them in the search box near the top of the screen. All the features of my WordPress Security Services rely on this strong foundation. CloudFlare and Wordfence is absolutely the best starting point for WordPress Security.

If you need help with security for your web business, please ask in the Web Hosting Forum. You can also click the orange Internet Help button, or raise a ticket in my Internet Support helpdesk.

2 Replies to “WordPress Security Foundation”

  1. Since writing this article, I’ve stopped using WordFence. Because it became too complicated for my needs. So I now focus on maintaining Cloudflare as it makes a good job of blocking unwanted intruders out of the box. But it also provides many more options for fine-tuning digital asset security and business website speed.

    Most importantly, any site speed concerns are dealt with using Cloudflare’s Railgun service. Now that’s not cheap as a standard service for small and medium-sized enterprises. But several hosts include Railgun on their shared hosting plans. So I recommend business owners use such a host. Or let me install or migrate your website to my own Railgun-powered service.

    As I’ve learned to avoid becoming reliant on a single hosting service. It’s time for me to teach you about website hosting services that offer railgun hosting. So I’ll start with a list of such hosting companies. Then I’ll review the hosting options available and continue to add more as I learn about them.

    Hosting companies who include Cloudflare Railgun are:
    – kualo.com
    – nestify.io
    – NameHero.com

    Plus one sleeping giant who won’t get a mention from me as their security standards are appalling.

    If you know of other hosting companies who include Railgun in their plans, please tell me using the Feedback Form above.

  2. I’ve noticed that 101 Domains are now a Cloudflare Partner. But at the time of writing, it seems they are offering Cloudflare services in separate service packages. Not as part of hosting packages.

    This seems like a way of obtaining Cloudflare services but from a third party. So far, I haven’t studied the pros and cons. But the prices of different service levels are at https://www.101domain.com/secure_web_accelerator_comparison.htm. Also of interest is their Secure Web Accelerator documentation

Leave a Reply