Within the WordPress community, I find a lot of folks use a variety of security plugins and methods to secure their websites against denial of service attacks and brute force connections. Recently I’ve begun reading a number of comments in the Facebook forums and personal blogs regarding how poorly Cloudflare performs against automated website attacks.
I find this strange because Cloudflare has always promoted the benefits of its distributed content delivery network (CDN) to help reduce the impacts of extreme events, like mass IP connections, and it has protocols in place to help reduce Layer 7 DOS and brute-force attacks as well.
That said, it’s become apparent to me that many are simply not taking the next step in reviewing all of the features available within Cloudflare, and implementing them appropriate to their needs.
I use the free Cloudflare service to help protect my website and I use my web host’s free SSL certificate to better secure my login page and forms. Using the free Cloudflare and SSL certificate services seems like a no brainer to me.
So what about blocking the bad guys and bad bots you ask?
If you have Cloudflare set up already, then you are half