Cloudflare WAF – doing more with less

I often get asked what blogging platform I recommend for individuals and small organisations, and I invariably suggest WordPress – it is commonly available across multiple web hosting providers, has plugins to cover almost every requirement, and can scale to support almost all usage patterns. However, the widespread use of WordPress is both a blessing and a curse. Install a WordPress site, publish a blog post, and within minutes you will see bots and script kiddies trying to break your site. This is where Cloudflare WAF (Web Application Firewall) helps.

Cloudflare is a platform that “helps your business work, deliver, and innovate everywhere”. While Cloudflare does have paid and supported services, there are several free services that EVERYONE should be putting in place in front of their web services. From DNS hosting, Content Distribution Network (CDN), and SSL certificates to Web Application Firewall (WAF), Cloudflare should be a part of your toolkit.

The name firewall originated in the automotive industry to describe the panel between the engine compartment and the passenger compartment in a vehicle that is intended to prevent the spread of fires from the engine. The term firewall has been extended into the Information Technology space to describe a security device that protects and reduces the impacts of malicious attacks from the Internet. By extension, a Web Application Firewall focuses on protecting Web Applications (your blog, for example).

While checking the access logs of the WordPress sites I manage, I noticed a lot of automated (bot) attempts to log in or to find vulnerabilities that could be leveraged. While these break-in attempts are usually benign, each attempt consumes resources that could be better utilised to serve content faster, or that could be saved by running the website on a cheaper service – and this is where the free Cloudflare WAF lets me do more with less.
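To gauge how much of a site's traffic is this kind of bot activity, an access log can be tallied by path and client. The following is an added example, not part of the original post; it assumes Combined Log Format, treats `/wp-login.php` and `/xmlrpc.php` as the probe targets, and runs over constructed sample lines.

```python
import re
from collections import Counter

# Endpoints commonly hit by WordPress login bots and scanners. This list is an
# assumption of the example; the post itself does not name specific paths.
PROBE_PATHS = ("/wp-login.php", "/xmlrpc.php")

# Combined Log Format: ip ident user [time] "METHOD path proto" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<path>\S+)[^"]*" \d{3} '
)

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Mar/2024:10:00:01 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:02 +0000] "POST /wp-login.php HTTP/1.1" 200 4321 "-" "Mozilla/5.0"',
    '198.51.100.23 - - [10/Mar/2024:10:00:05 +0000] "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "-"',
    '192.0.2.10 - - [10/Mar/2024:10:00:09 +0000] "GET /2024/03/hello-world/ HTTP/1.1" 200 15234 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Mar/2024:10:00:11 +0000] "GET /blog/wp-login.php?redirect_to=%2Fwp-admin%2F HTTP/1.1" 200 4100 "-" "Mozilla/5.0"',
    'truncated or malformed line',
]


def summarise(lines):
    """Return (parsed_requests, probe_requests, Counter of probe hits per IP)."""
    total = probes = 0
    per_ip = Counter()
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines rather than guessing at fields
        total += 1
        # Drop the query string and normalise case before matching, so that
        # sub-directory installs and ?redirect_to=... variants are counted.
        path = m["path"].split("?", 1)[0].lower()
        if path.endswith(PROBE_PATHS):
            probes += 1
            per_ip[m["ip"]] += 1
    return total, probes, per_ip


if __name__ == "__main__":
    total, probes, per_ip = summarise(SAMPLE_LOG)
    print(f"{probes} of {total} requests targeted login/XML-RPC endpoints")
    for ip, hits in per_ip.most_common(10):
        print(f"{hits:6d}  {ip}")
```

Running the same tally on logs from before and after a WAF rule goes live shows how many of these requests still reach the origin server.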

By following the steps in Cloudflare Firewall Rules for Securing WordPress, I have been able to substantially reduce the spurious accesses to the sites, and further improve the performance of the sites. Simples!

If you’re looking for a great WordPress hosting provider in Australia, I strongly recommend VentraIP. Please note that this is a referral link.