In the SSL era, bots and hackers are on the rise. Never have we seen so much potential for damage so quickly. Many think cost effective solutions elude most of us because of our limited budget or our technical knowledge. CloudFlare is the solution to the aforementioned problem. This post is based on a presentation I recently attended, where 15-year cyber-security expert, Jim Walker (hackrepair.com), openly vouched for CloudFlare as a free security measure. This article summarizes Jim’s presentation.
Problems CloudFlare Solves
Denial of Service
CloudFlare allows you to mitigate denial-of-service issues. A denial-of-service attack occurs when too many visitors go to your site and create traffic. The term ‘Visitors’ does not necessarily refer to human traffic, as problems often arise due to bots. There is no preventative measure to this issue at the server level. A $10k firewall unit is not an effective solution. Usually, your host will turn off your site. The only effective way to protect from a denial-of-service problem is with a cloud service.
Most sites are hosted on shared hosts. Having a site that is insecure is a discourtesy to all of your file hosting neighbors. If your site becomes hacked or overloaded, it will adversely affect all sites hosted on your shared server. As stated, it will also cause your site to be shut down.
Most servers have a maximum per second transfer rate. This differs from a bandwidth attack because it is over such a short period of time. It is impractical to stop hackers and bots at your site’s server level. CloudFlare works a level above your site, like a watchtower located miles away from your main base. With CloudFlare, you also get a shielded IP. While the service does not make your IP impossible to obtain, it certainly makes it more difficult.
Introduction to the CloudFlare Interface
Page Rules Section
The Page Rules Section is the default page when you log into CloudFlare. Here, HTTP can easily be redirected to HTTPS. If you don’t have HTTPS, you should have got it yesterday. For those of you who are familiar with development, I know what you are saying. “Can’t I just use the ‘.htaccess’ file to redirect to HTTPS?” Of course, but you risk many possible problems. CloudFlare is a stronger solution.
CloudFlare has analytic features; this helps website administrators see trends in security before they become a significant problem.
I used CloudFlare on a few of my sites immediately after attending the presentation. My sites loaded faster. I didn’t realize this would be a side effect, which you as a visitor to this site have benefitted from. As far as whether I would recommend the service, I think it goes without saying: YES. Have you tried CloudFlare? What do you think of CloudFlare? Do you have any questions about the service? Let us know in the comments and we will get back to you.
This post was written based on a presentation by Jim Walker, HackRepair.com. The presentation took place at Advanced WordPress (AWP) event in San Diego. Connect with AWP on Facebook and MeetUp.com. The video was recorded by Yaron Guez.