Cloud-Based Web Application Firewall – Protect Your Website Against Future Threats

Sucuri complete website protection

Summary (full details below):

Product name: Sucuri Complete Website Protection
Price: From US$20/month, but there are multiple options
Where to buy: Sucuri
What it does: Protects your website against hackers: malware protection, DDoS attack protection, speeds up page load time. Recovery service for sites that are hacked: complete analysis and malware removal, blacklist removal, password updates, vulnerability fixes (if required)
Rating: 4.95/5.00

Please assume any links on this page are affiliate links. An affiliate link means I will get a small commission if you decide to buy the product, but it will not affect the price you pay. The price you pay is the same, whether you buy it through my link or go directly to the site.

What’s a web application firewall?

A web application firewall is a software-based firewall through which all traffic to your website is screened before reaching the server on which your website resides.

It differs from a infrastructure-based firewall (which most organisations have had for years) because it resides on a network of servers world-wide (called a Content Distribution Network or CDN). This means it is able to handle many, many times the volume of traffic from anywhere on the Internet much more quickly and efficiently than a central, infrastructure-based firewall.

It also means that a security threat that surfaces in one geographic region can immediately be blocked worldwide and so it is highly effective at slowing down the global spread of new malware.

This diagram explains how a CDN and web application firewall operates:

A CDN network graphic

The traditional structure is on the left where you have a central server, which is protected by an infrastructure-based firewall and is accessed by websites from anywhere on the Internet.

On the right is a Content Distribution Network. In this structure copies of your website reside on each of the satellite servers (indicated in red), each of which is protected by the web application firewall.

This has 2 major benefits:

  1. Your website resides as close as possible to the visitor accessing it, wherever they may be, and that speeds up the page load time for that visitor
  2. When a new malware threat is detected the required protection code is updated centrally and immediately implemented in the firewall protection for all the servers world-wide

So your website:

  • Loads more quickly
  • Loads consistently
  • Is protected dynamically against existing, new and emerging malware threats

Why would this be important?

Because cyber-crime is one of the fastest real growth industries around today, as this diagram illustrates, with thanks to Secureworks:

Graph showing growth of cyber-crime

Image from Secureworks

Although these figures date from 2016, it is the trend that is important. And it is delivering an unmistakable message!

I’ve said elsewhere on this site that no website can ever be 100% hack proof. If someone wants to get into your website, they will.

Even Sucuri, a company that specialises in providing protection and recovery services for content-management-system-based websites (of which WordPress is one), tells you that you should work on the assumption that your website will be hacked, and put plans in place accordingly.

It’s a case of ‘when’, not ‘if’.

You will no doubt be familiar with the high-profile cyber-attacks on companies like Yahoo, LinkedIn, Adobe, the NHS in the UK, the Democratic Party in the US, Sony and others.

The fact remains, though, that hundreds of thousands of hack attacks take place every day. Google blacklists 10,000 websites each week, because they have been hacked and had malware planted in them.

Which Web Application Firewall provider do I use?

Sucuri banner adI’ve used Sucuri for the past 3 years and I’ve been delighted with the result.

As soon as I implemented the service there was an immediate improvement in both the page load speed of the site and the consistency with which it loaded. No more fast loading one day and slow loading the next!

And, to date, the site has remained safe from all threats.

As always, an excellent level of support is the key thing I look for (and I move on from service providers until I find one that delivers it). And the Sucuri team are quick, detailed and thorough in their responses. Sucuri delivers top class service.

Setting up is quick and easy

Once you sign up for the service you will be given some DNS settings that you will need to edit at your domain registrar. This will ensure that all traffic to your website is routed through the Sucuri servers operating the web application firewall.

Once you’ve changed the DNS settings you’re good to go – don’t adjust any settings in your Sucuri account unless you know what you’re doing!

There is one thing to watch out for: if you make changes to the design or layout of your site, you will need to remember to log in to Sucuri and clear the cache before you will see those design changes on the front end.

Doing that is simply a case of logging into your account, clicking the ‘Performance’ tab under ‘Settings’ in the menu and selecting the option to disable caching, at the same time clicking the check box to ‘Clear cache too’.

Settings and performance tab in Sucuri

Once you’ve done that refresh your browser screen and you’ll see your changes.

Once you’re satisfied with the design changes you’ve made go back into your Sucuri account and click the ‘Enabled (recommended)’ option under the ‘Performance’ tab to turn caching back on again:

Sucuri WAF Caching settings

Apart from that, and the improved performance of your website, you won’t notice the WAF at all – it does its job silently and effectively in the background and gives you peace of mind in the process.

For more details do please visit the Sucuri website:

Does this service sound like something you could use? Let us know in a comment (below).

If you have any questions or if I need to clarify anything please leave a comment, and I’ll get back to you as soon as I can. 🙂

Cheers,

Martin Malden

Martin Malden
Owner – WP Security Basics

{ 0 comments… add one }

Leave a Comment