SiteGround have announced two significant improvements to their CloudFlare add-on packages. First, SSL is now supported in the free add-on, and CloudFlare’s excellent Web Application Firewall is now included in their Plus plan. You can read more about CloudFlare here.
You have always been able to get SSL support with CloudFlare for free if you sign up with them directly, and it is a welcome addition now that you can get it via the SiteGround managed CloudFlare add-on.
SiteGround have offered free SSL certificates for some time in partnership with Let’s Encrypt, but now customers can use both an SSL and CloudFlare together. You can now enable flexible SSL (encryption between CloudFlare server and the browser only), or a Full Strict SSL setting (requiring SSL at SiteGround).
The great addition, though, is the introduction of the Web Application Firewall as part of the Plus Plan.
The WAF protects your website against the OWASP top 10 vulnerabilities and is supplemented by 148 built-in WAF rules that you can apply with a single click, covering all the most popular web applications.
OWASP Top 10 Vulnerabilities
- Broken authentication and session management
- Cross-site scripting (XSS)
- Insecure direct object references
- Security misconfiguration
- Sensitive data exposure
- Missing function-level access control
- Cross-Site Request Forgery (CSRF)
- Using components with known vulnerabilities
- Unvalidated redirects and forwards
Is it worth getting a Web Application Firewall?
The great thing about CloudFlare is that you will get a detailed breakdown of all the times that the WAF is triggered. To give you an example, we routinely stop anywhere between 10 and 500 visits a day with our WAF, with occasional spikes caused by hacking attempts that run into 1000s of visits in an hour. Just take a look at the following screenshot of our current WAF entries:
It saves you money.
When it comes to WAF’s, we learned the hard way, and coincidentally it happened a couple of years ago when we hosted with SiteGround. As a busy website that posted many social links, we found that we were very visible on the web. Hackers use bots to crawl the web to identify targets automatically, so we were a regular target of these bots.
We didn’t know at the time, but we had an incident where our website went offline for a few minutes. Knowing how reliable SiteGround was, we got in touch and were told there were 160 connections to the account. This, was, of course, a surprise to us and was our first realization of the need for a WAF.
At many hosts that level of server activity on a simple shared hosting account would be enough to get you suspended, or, in many cases told to upgrade to a more expensive Cloud or VPS plan. Having a WAF can help filter out all this traffic, thus enabling you to remain on a cheaper web hosting plan.
How much does it cost?
The SSL support is provided as part of the free CloudFlare add-on.
The Web Application Firewall costs the following:
- UK — 9.95 GBP/mo or 95.50 GBP/year
- US — 14.95 USD/mo or 143.40 USD/year
Historically, we were always put off from signing up to CloudFlare via a hosting provider due to the lack of the WAF. This changes that, at least in SiteGround’s case.
With these changes, it works out around 25 percent cheaper to purchase a paid CloudFlare plan through SiteGround.
If you rely on your website for your business, or income in any way, then a Web Application Firewall is a must. Prevention is always better than a cure, and CloudFlare’s WAF is excellent for the price.
SiteGround is currently offering up to 60 percent off for new customers.
Jonathan Griffin Editor, SEO Consultant, & Developer.
Jonathan Griffin is The Webmaster's Editor & CEO, managing day-to-day editorial operations across all our publications. Jonathan writes about Development, Hosting, and SEO topics for The Webmaster and The Search Review with more than nine years of experience. Jonathan also manages his own SEO consultancy, offering SEO developer services. He is an expert on site-structure, strategy, Schema, AMP, and technical SEO. You can find Jonathan on Twitter as @thewebmastercom.