Master lock, "r00t" password

Website security is an often overlooked necessity. Whether it’s budget, time, or lack of understanding, many companies that rely on a public website don’t take the necessary precautions to secure their infrastructure. A security breach can compromise your data, or potentially your clients, and lead to a detrimentally negative stream of PR.

Finding and eliminating security holes in your website is often looked at as a time consuming, costly, and ongoing initiative. Fortunately there is a simpler way to avoid the embarrassment of a website security breach, it’s called CloudFlare.

What is CloudFlare?

CloudFlare is a DNS management tool that makes it ridiculously easy to automate your website security. It provides protection from a wide range of threats to keep your website safe, including:

  1. Browser integrity
  2. Visitor reputation
  3. Block list / trust list
  4. Saved bandwidth and server resources
  5. Protect SSH / Telnet / FTP ports
  6. Collaborative security
  7. Breaking the cycle of malware

What is an “attack” on a website?

Online threats range from nuisances like comment spam and excessive bot crawling, to malicious attacks like SQL injection and denial of service (DOS) attacks. The threats that exist are constantly changing, and growing. It’s a very difficult thing to keep up with, as a web developer I know first hand how exhausting it can be.

Setup is Easy

Ridiculously easy. Follow these simple steps:

  1. Create an account
  2. Transfer the DNS for the domain you want to protect
  3. Configure the options and save

That’s it, really.

How does it work?

CloudFlare acts as a internet-wide neighborhood watch program. It automatically detects new attacks that arise against any website on its network. Once CloudFlare identifies that there is a new type of attack out there, it starts to block the attack for the specific website and the entire community. This means the longer you are on CloudFlare, and the larger it gets, the better the protection becomes. It’s a truly ingenious way to combat website attacks.

CloudFlare Security Analytics Report

Speed & Performance Benefits

Beyond security monitoring, CloudFlare also provides a number of speed optimization tools. On average, a website on CloudFlare:

  1. Loads twice as fast for its visitors
  2. Sees 65% fewer requests s
  3. Saves 60% of bandwidth

This will most definitely vary from site to site, but overall that’s a pretty staggering statistic. You can calculate your specific speed benefits and savings using the CloudFlare analytics report within your account.

Built-in Content Delivery Network (CDN)

CloudFlare’s CDN reduces hops and lowers latency. On average, a request is fewer than 10 hops and takes less than 30ms. The result? Your website gains a global presence on an affordable budget.

Asynchronous Script Loading & Caching

The rocket loader service will automatically optimize your site to minimize the number of network connections to reduce the overhead of third party resources. This will speed up page rendering.

JavaScript Bundles

The JavaScript bundling service will combine multiple JavaScript files into a single request to avoid the overhead of multiple network requests.

Automatic Minifcations

The AutoMinify service will remove unnecessary characters and white space from HTML, CSS, and JavaScript. This can save 20% of a file’s size, and works without caching so it can support fully dynamic pages.

Browser optimization

All web browsers work slightly different than one another, whether it is Internet Explorer, Firefox, Google Chrome, or Safari for iOS. Browser optimization automatically adjusts the way content is delivered based on the particular device accessing the site to maximize speed without affecting the site’s look or features.

GZIP Compression

GZIP is a compression process that reduces the size of a request by shrinking file sizes, similar to the way a ZIP archive does. Hardware optimized lossless compression reduces the size of all your resources and delivers them compressed, even through lazy firewalls that incorrectly claim browsers don’t support GZIP.

Local storage caching

Modern web browsers and mobile devices have the ability to intelligently cache the objects needed to render your site. CloudFlare automatically detects the users browser and enables these features to reduce website load time.

Cache header optimization

When you develop a website, there are certain instructions you can give to a web browser, telling it how long to store it’s temporary files. These settings are rarely used, but can have a large impact on the time it takes for a page to load.

This feature will automatically adjust the cache header instructions to allow browsers to correctly cache the resources of a site, and minimize the need for new requests.

Saved bandwidth and server resources

Since CloudFlare acts at the domain level, before malicious requests hit the server, it effectively stops threats before they get to your website. This saves bandwidth and server resources. Your server is also freed up to serve your legitimate traffic optimally.

In Conclusion

CloudFlare is a simple, effective way to protect your website or application from attacks and threats that exist today. It will also ensure that your website is well protected in the future.

Beyond security there are also significant performance and speed improvements.

This article is in no way sponsored, endorsed or promoted by CloudFlare. We’ve used this software on our website, and are truly and sincerely impressed with the results.

photo by: Schill