Regular reader of this blog may remember that back in August I looked at both Cloudflare and Incapsula to protect an accelerate infosecblog.org.
Webmasters are faced with two huge challenges. The first is keeping the blog secure. There were many examples recently of WordPress blogs, even security related ones, compromised. While it is always easy to just blame the webhost, vulnerabilities in TimThumb proved to be many blogs undoing. If you run a blog and you haven’t searched to see if you use timthumb unbeknownst to you in one of the many plugins you’ve added, you’re blog is probably already compromised.
The second major concern for webmasters is site speed. All these plugins we install slow the site down. Search engines penalize your page rank for slow loading. Users are unlikely to return. First time visitors may have their ADD kick in and just move on to the next site.
Cloud based mini Content Delivery Networks (CDNs) like Cloudflare and Incapsula provide answers to both problems.
With these types of services the webmaster changes the DNS to point to the cloud based service. In the cloud, they block the bad and accelerate the good (to steal a phrase from BlueCoat). You no longer have to mess around with complicated WordPress caching plugins (although some are designed to work hand in hand with CDNs). If you were slack on security and had a vulnerable version of TimThumb, both of these solutions would block that attack and let you know about it. The webmaster should still stay on top of all WordPress upgrades including the plugins. Additionally the password should be strong.
One of the challenges with using these services at Dreamhost was they lock own the A (and AAAA) records for infosecblog and www.infosecblog.org. Even to use Incapsula’s free service, I had to pay for a third party DNS provider so I could have full control over the DNS. With Cloudflare at least, this problem is now solved. Dreamhost has partnered with them to allow integration with just a checkbox. I set it up one of my other domains in minutes. I’ll continue to use Incapula on this domain and compare the two services.