Owning a Website Comes With Responsibility
With how websites are built today on systems like WordPress, Joomla, DotNetNuke, Drupal and others, you’re running actual software on your website. Don’t get me wrong – it’s great. This software makes managing a website and adding content really easy. Along with that kind of power comes great responsibility.
Some of the Things That Can Go Wrong
Your website is on a public server. That means it’s open for the public to view. It has to be because people need to connect to it to see what’s on it. Because there’s that public access, you’re pretty much inviting trouble.
For example – let’s say you had your laptop and you put it out in a busy shopping mall on a Saturday. You nailed it down to a table and gave it Internet access. When the end of the day rolls around and the mall closes, how do you think that laptop would look. Would all your icons be in a row and would all your files be how they were when you first put it there? No, it would be a mess. People would be looking through your data, installing software and using it to do whatever.
Ok, so that’s just a shopping mall with maybe a few hundred people using it. Multiply that out to where the whole world has access and what do you think would happen? This is essentially what’s going on with your website. If it’s going to be set up like that, it needs to be protected.
Here are some things that might happen if it’s not protected:
- Cross site scripting
- SQL injections
- Comment spam
- Excessive bot crawling
- Email harvesters
- Malware/virus installation
- Phishing schemes
- Junk email scripts
- Denial of service attacks
How to Protect Against This
The first thing to do is to make sure your website software is always up to date. Install the latest patches for the core system as well as any plugins or extensions. Make sure the theme is also up to date since it is software, too.
CloudFlare is a CDN (Content Distribution Network) and more. You get all kinds of benefits!
Benefits of CloudFlare
You get protection, speed and a lot more. Basically, your website isn’t naked anymore:
Here are the benefits:
- Your website loads faster / better website performance – they cache content for you
- Add security – they can see attacks coming and block them before they get to you
- Additional analytics – get website statistics from a different point of view
- Save bandwidth / additional servers
- It’s easy to enable
- It’s free
They take over your DNS for you and that’s how they’re able to do all these things. Their DNS servers are worldwide, authoritative and fast.
With pending attacks, they can see where they’re coming from and take action so that your website isn’t even accessible to hackers. With that in place, they’ll skip your website and move on to another one that isn’t as well protected.
I Use It
I’ve been testing CloudFlare for a while and I’m now moving more and more websites that I own over to it. It works really well. I’ve had no problems at all.
Here’s a report showing what they’re done for a website of mine (that gets decent traffic) over a 1-month span (click on the image to see a larger version):
I mean, 6,700 threats stopped… that says a lot right there.
I don’t get any compensation for recommending CloudFlare. I just think it’s really good and everyone should be using it. It’s free, so why not?
Setting it Up
Setting up CloudFlare is easy. You’ll just sign up for an account and then enter your domain name. They scan your current DNS records (this takes a few minutes) and then you confirm they are right (they should be) and then they tell you what to change your name servers to – this is done at your domain name registrar… login there and make the changes.
It then takes some time to take effect.
If you use a WordPress website, it’s a good idea to download, install and set up the CloudFlare WordPress plugin.
Also, when you FTP into your server, you might have problems. It might not connect. The workaround is either to just use the IP address of your web hosting server or else use the “ftp” subdomain. For example: ftp.yourdomain.com. Make sure that record exists, of course. Another issue might be accessing your control panel since that is sometimes on a different port (using cPanel or Plesk, for example).
If you do have some kind of weird plugins that trap visitors or .htaccess rules on your website, then you might run into issues with that. I had one of those plugins running on one of my sites and it caused CloudFlare to look like it was attacking the server. I had to remove the plugin and then everything worked.
If you do run into problems, CloudFlare is there to help – please contact them. It’s still really great to use – don’t let all of this scare you.
I give CloudFlare a 5 out of 5 for reliability and ease of use. You can even see all the protection they provide. Like I said, I’m going to move all my domains to CloudFlare. We even have some of our own hosting and we’ll be moving clients to it as well for the health of our servers.
If website up time matters to you (and it should) along with website performance (providing the best user experience – Google thinks this is good), then get your website moved over to CloudFlare and be protected.