|Join Nairaland / Login / Trending / Recent / New|
Stats: 1,423,878 members, 2,308,242 topics. Date: Thursday, 03 September 2015 at 07:51 AM
|Education / Kogi State University Watching Basketball Match- See Photo by solaugo(m): 8:15pm On Jul 03|
Students of Kogi State University watching a basketball match.....
|Nairaland / General / FLOOD: Ladies, Will You Accept This Offer? - [PHOTO] by solaugo(m): 8:47pm On Jul 02|
...AND AS A MAN WILL YOU ALLOW YOUR WIFE TO BE ASSISTED LIKE THIS?
LIKE our facebook page @ https://www.facebook.com/pages/Newsnow-In-Nigeria/557954604331963 for more......
5 Likes 4 Shares
|Webmasters / How Cloudflare Can Help Secure Your Wordpress Site by solaugo(m): 5:56am On Jun 30|
CloudFlare is a service that makes websites load faster and protects sites from online spammers and hackers. Any website with a root domain (ie http://www.mydomain.com) can use CloudFlare.
CloudFlare offers security features - free and paid - that can further help you protect your website. We'll cover the key features customers care about the most below.
Basic Security Level (free to all customers)
CloudFlare’s Basic Security level uses data sources to identify potentially malicious visitors to your site by IP threat scoring. If the IP has recently shown problematic behavior online, including spam and attacks, then a visitor from that IP would receive a challenge page before they actually hit your website (this is also highly effective at stopping many botnet attacks).
Keep in mind:
A higher security level will lead to more challenges and possible false positives. We default all users to medium, but you can always turn this higher or lower in your security settings.
Pro tip: CloudFlare customers on a paid plan can customize CloudFlare error message pages.
CloudFlare’s Threat Control (free to all customers)
Many WordPress site owners just installed their WordPress site through a few clicks at a hosting provider. Many of these site owners do not know server commands that they can use to restrict access to their site through things like .htaccess, but CloudFlare’s Threat Control panel will let you do many of the same things that you would do in .htaccess through an intuitive interface that will let you either block or whitelist IPs.
Things you can do:
1. Block an individual IP
2. Block an IP range by CIDR (we currently support in /16 and /24 formats).
3. Block a country
Conversely, of course, you can also use Threat Control to whitelist IPs. If you know that a product or service you use to help run your site needs access to your site, such as a monitoring service or API call, then you should whitelist their IPs to make sure that they don’t get challenged.
Note: CloudFlare’s country block currently only throws a challenge page up for visitors from the region you blocked (not a full block). A human could still enter your site by passing the captcha, but the block is still highly effective at stopping most bots or botnets from wasting your site’s server resources or attacking you. You should use some care with using a country block, however, since you may inadvertently end up challenging a service with an IP address in that country block space.
CloudFlare’s Web Application Firewall (Advanced Security)
CloudFlare’s Web Application Firewall is a paid feature of CloudFlare designed to make it harder for someone to penetrate your site (you should still follow other security practices, of course). While many attackers out there are simply “script kiddies” screwing around, there are indeed more advanced hackers out there that will try to figure out ways to access your site through more advanced attack types (XSS, SQLi, etc.).
As of this writing, CloudFlare’s Web Application Firewall a has over 15 rule sets designed to block attacks directed specifically at WordPress sites, with an additional layer of protection added via the OWASP WordPress rule sets configured in the WAF as well. You can turn these WAF protections on or off in your CloudFlare security settings.
Note: Please note that some visitors may trigger false positives with the Web Application Firewall turned on. You can always decided to whitelist that visitor in Threat Control to override the challenge or block behavior.
SSL encrypts information between a web server and a client (a browser, for example) so that sensitive information can be transmitted securely without having eavesdropping occurring from malicious actors on the internet. If you have a website where you are capturing sensitive information (credit cards, etc.) or doing e-commerce transactions, SSL is the best way to protect that sensitive information from being intercepted. CloudFlare has two options for SSL based on your needs:
Customers that do not have SSL installed on their web server can still encrypt some of the traffic to protect sensitive information with Flexible SSL. The added benefit of Flexible SSL is that visitors would still see your website as having SSL enabled, thereby giving visitors more trust in your site.
Note: If you are using a service that requires SSL directly on the server, Flexible SSL will not meet that need and you should get a SSL certificate from an approved SSL vendor (your hosting provider will often have SSL available as well).
Full SSL and Full Strict SSL
Full SSL is required for sites that have an SSL certificate installed directly on their server. Full SSL will encrypt all of the traffic all the way to your web server as long as CloudFlare is proxying the record in your CloudFlare DNS settings. Full SSL will work with a self-signed certificate, whereas customers with a valid certificate from a certificate authority should choose the Full Strict option for SSL.
CloudFlare DDoS protection
CloudFlare offers basic DDoS protection and mitigation to all customers free of charge, with advanced DDoS protection offered on the Business or Enterprise tiers of service.
If you are currently under DDoS attack, or if you would like to reduce the risk of a DDoS attack, then we have some very helpful tips on how to mitigate a DDoS attack fairly quickly.
Please note: We only guarantee DDoS protection at the Business and Enterprise tiers of service. If your site is frequently the target of large DDoS attacks, please make sure that you choose the correct pricing plan for your site to get the coverage you need.
For more information; contact:
ASSURE Educational Services
4 Likes 5 Shares
|Sections: politics (1) business autos (1) jobs (1) career education (1) romance computers phones travel sports fashion health |
religion celebs tv-movies music-radio literature webmasters programming techmarket
Nairaland - Copyright © 2005 - 2015 Oluwaseun Osewa. All rights reserved. See How To Advertise. 73