A website is using WordPress, Joomla, Drupal is common. There is a huge collection of plug-ins, modules, and components. Most are free can download from the internet.
Because open source applications are free, they are a very popular choice example a WordPress website. 6 out of 10 websites are using WordPress. The installation script is available on the most popular hosting panel. A few clicks away, WordPress website will be ready for you
But do you know these websites are hackable? The vulnerabilities are in these open source CMS. Because the code on the CMS is readable by anyone. The bad guys will find its loopholes and exploit them.
So it is common to hear from someone, he or she has a hacked WordPress website. Can we protect it? Do we need to install a costly appliance? In the past, engineers installed expensive equipment for combat web intrusion. Never think that the web protection existed with your web hosting which is not the case. In this modern world, cloud web protection is available at an affordable price.
There are 2 similar website protection services can do the job., Cloudflare, and Sucuri. Both are available at Vastspace. They have the same goal to filter any known or even suspicious malicious activities. Starts with as little as USD 20, you have CDN to speed up connections to your website and protects them at the same time. Not limited to DDOS attacks itself.
Cloudflare has more POPs than Sucuri. The connection to your website from many places is faster. But this is numbers on paper. Many cases, you cannot tell the difference because they are in milliseconds. I have tried both, they offered protection but I like Sucuri more.
I have a trial service on the Sucuri Website Firewall PRO and monitoring. From the control panel, you get to see the website health status after you have logged in. The information is something you will not have in Cloudflare. They provide you with an overview of the website health. Spamhaus status is good, can use as a reference on your mail server RBL if they hosted together. Also, you can adjust the scan interval as low as 6 hours on the scan or scan daily as a routine.
At the website firewall, you will get an overview of allowed and blocked traffic. More useful options like access control, security, performance, and SSL on the settings. For Cloudflare, I’m overwhelmed with the features. Most layman will want to pay you to solve their problem. After the initial setup, they hardly log in to tweak the settings. So, I felt that some of these settings might be too much for them to digest. On Sucuri, the most essential settings are available. Except that you might want to have a closer look at advance security option and protected pages at access control. These are good options if you have a WordPress or Joomla website if you want to protect sensitive URL.
But, there is a con on both setups. If they are not set up correctly, attackers can bypass this firewall. Eventually, your website is not protected. So, make sure you talk to a certified engineer.
Also, like your FTP, email service, webmail, and control panel can ruin too. Make sure you check this service and ask if there is any workaround.
Feel free to write to firstname.lastname@example.org if you have questions about the 2 services. As their partner, we are glad to assist you.