
A Journey to Fortifying My Website Security: A Blogger’s Guide to Using Cloudflare
We all know that in this digital age, our online presence is not just a luxury—it’s a necessity. It’s our virtual storefront, our portfolio, our platform. Our websites are our lifelines. And they need to be protected just like any other valuable asset.
Over the years, I’ve seen the cyber landscape become a battleground. We’re all aware of the vulnerability of websites to malicious attacks and sadly, it’s a reality we cannot deny. The frequency and sophistication of cyberattacks have been steadily escalating, making us—the smaller fishes in the sea—easy targets. The reason? Well, many of us cannot afford the enterprise-grade security systems that larger corporations use to fend off these cyber predators.
This realization led me on a journey to find a security solution that was not only affordable but also effective. My journey took me to Cloudflare—a comprehensive, cloud-based solution that’s perfect for us small to medium-sized businesses and bloggers. Today, I want to share with you the steps I took to protect my website using this powerful tool.
Introducing Cloudflare
Cloudflare is essentially a network of data centers that offer services including DNS, CDN, and most importantly, security. It protects, speeds up, and improves availability for a website or mobile application with a change in DNS. Best of all, Cloudflare offers a free version that packs a punch, providing a suite of robust security tools to protect your site.
Getting Started with Cloudflare
The first step is to add your website to Cloudflare. It’s simple: sign up on their website, add your site, and select the free plan. It has everything you need to protect your website.
Next, Cloudflare will ask you to set the Name Server (NS) records at your domain registrar to the ones it gives you. NS records indicate which server is handling your website’s DNS. Updating these is crucial to enable Cloudflare services on your site.
Transfer DNS Records to Cloudflare
After updating your NS records, you should transfer all your DNS records to Cloudflare. This allows Cloudflare to handle all of your website’s traffic, affording you the maximum protection they offer.
From the Cloudflare dashboard, select ‘DNS’ from the sidebar, then ‘Records’. Here, you can add or edit the DNS records. Take care to ensure you copy all records from your current DNS provider accurately to avoid any disruption.
Two important notes: First, DNS records might take up to 48 hours to propagate, so be patient. Second, make sure to back up all of your DNS records.
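One way to check the copy against your backup, as an added example that is not part of the original post: the Python sketch below compares two zone-file exports and lists records that did not make it across. It assumes both sides can be exported as simplified zone text (one record per line, fully qualified names); the sample zones, addresses and function names are constructed for illustration.

```python
# Added example: compare a DNS backup with the records now held at Cloudflare.
# Assumption: simplified zone text, one record per line: name TTL IN TYPE value

SKIP_TYPES = {"NS", "SOA"}  # these change when the zone moves to new name servers


def parse_records(zone_text):
    """Return {(name, type, value)} from simplified zone text; TTL is ignored."""
    records = set()
    for line in zone_text.splitlines():
        line = line.strip()
        if not line or line[0] in ";$":      # blank, comment, or $ORIGIN/$TTL directive
            continue
        name, _ttl, _cls, rtype, value = line.split(None, 4)
        rtype = rtype.upper()
        if rtype in SKIP_TYPES:
            continue
        if rtype != "TXT":                   # TXT data is case-sensitive; keep verbatim
            value = value.lower().rstrip(".")
        records.add((name.lower().rstrip("."), rtype, value))
    return records


def diff_zones(backup_text, cloudflare_text):
    """Return (missing_at_cloudflare, only_at_cloudflare) as sorted lists."""
    old, new = parse_records(backup_text), parse_records(cloudflare_text)
    return sorted(old - new), sorted(new - old)


# Constructed sample: backup taken at the old DNS provider.
BACKUP = """\
; backup from the old provider (constructed)
example.com.       3600 IN NS    ns1.oldhost.example.
example.com.       3600 IN A     192.0.2.10
www.example.com.   3600 IN CNAME example.com.
example.com.       3600 IN MX    10 mail.example.com.
mail.example.com.  3600 IN A     192.0.2.25
example.com.       3600 IN TXT   "v=spf1 mx -all"
"""

# Constructed sample: export taken after copying; the MX record was left out.
CLOUDFLARE = """\
example.com.       1 IN A     192.0.2.10
WWW.example.com.   1 IN CNAME example.com.
mail.example.com.  1 IN A     192.0.2.25
example.com.       1 IN TXT   "v=spf1 mx -all"
"""

if __name__ == "__main__":
    missing, extra = diff_zones(BACKUP, CLOUDFLARE)
    print("missing at Cloudflare:", missing)
    print("only at Cloudflare:", extra)
```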
Setting Up SSL with Cloudflare
One of the most critical steps in protecting your website is setting up an SSL certificate. SSL (Secure Sockets Layer, whose modern successor is TLS) encrypts the data transferred between your web server and your visitors, ensuring it cannot be read or tampered with.
Head over to the ‘SSL/TLS’ section, then to ‘Origin Server’ in the Cloudflare dashboard. From there, you can create a certificate for your website. Once the certificate is generated, you need to install it on your website or server.
If you’re using a control panel like cPanel, installing the SSL certificate is straightforward. Navigate to ‘SSL/TLS’ in your cPanel, then install the certificate. Remember, having SSL is not just about security; it also significantly improves your SEO rankings as Google tends to favor secure websites.
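After installing the certificate, if your website shows an error, don’t panic. Go to ‘SSL/TLS’, then ‘Overview’ on the Cloudflare dashboard. Choose between ‘Full’ and ‘Full (strict)’ SSL modes until your website works correctly. ‘Full’ encrypts the connection to your server without validating its certificate, while ‘Full (strict)’ also validates it.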
Securing Your Website with WAF
Cloudflare also offers a feature called Web Application Firewall (WAF) to protect your website from threats. It helps you control access to sensitive pages of your website such as your WordPress login page (wp-admin).
From the Cloudflare dashboard, go to ‘Security’, then ‘WAF’. Create a new rule, add the pages you want to restrict, and select ‘Block’.
A word of caution here: blocking will prevent even your access to the specified pages. To work around this, consider using a VPN with a static IP address and whitelist this IP address on Cloudflare. This allows you to access the blocked pages while keeping others out.
Read about creating a free VPN server just for you!
For your convenience, I have added the expression that needs to be added to protect the most sensitive directories and paths on WordPress. Now, you can add extra conditions to protect other directories and files on WP.
(http.request.uri contains "/wp-admin/") or (http.request.uri contains "/wp-login.php") or (http.request.uri contains "xmlrpc.php") or (http.request.uri.path contains "wp-config.php")
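The rule above, modelled in Python as an added example (not part of the original post and not Cloudflare's code): it shows which constructed requests the expression blocks once the allow-list described earlier is appended as `and not ip.src in {203.0.113.10}`. The IP addresses, sample requests and function names are assumptions for illustration.

```python
# Added example: a small model of the custom rule, run over constructed requests.
from ipaddress import ip_address

# Constructed placeholder (documentation range): the static VPN address you allow-list.
ALLOWED_IPS = {ip_address("203.0.113.10")}


def matches_sensitive_path(path, query=""):
    """Mirror of the page's expression; `contains` is a case-sensitive substring test."""
    uri = path + ("?" + query if query else "")  # http.request.uri = path + query string
    return ("/wp-admin/" in uri
            or "/wp-login.php" in uri
            or "xmlrpc.php" in uri
            or "wp-config.php" in path)          # http.request.uri.path = path only


def action(src_ip, path, query=""):
    """Block rule with the exception: (<expression>) and not ip.src in {ALLOWED_IPS}."""
    if matches_sensitive_path(path, query) and ip_address(src_ip) not in ALLOWED_IPS:
        return "block"
    return "allow"


# Constructed sample requests: (source IP, path, query string)
SAMPLES = [
    ("198.51.100.7", "/wp-login.php", ""),                          # stranger, login page
    ("203.0.113.10", "/wp-login.php", ""),                          # you, via the VPN
    ("198.51.100.7", "/wp-admin/admin-ajax.php", "action=heartbeat"),
    ("198.51.100.7", "/blog/post", "ref=xmlrpc.php"),               # match in query only
    ("198.51.100.7", "/blog/post", ""),                             # ordinary visitor
]


def evaluate_samples():
    """Return the rule's decision for each sample, in order."""
    return [action(*sample) for sample in SAMPLES]


if __name__ == "__main__":
    for sample, decision in zip(SAMPLES, evaluate_samples()):
        print(decision, sample)
```

The third sample shows that visitors' calls to admin-ajax.php, which some themes and plugins make from public pages, are blocked along with the rest of /wp-admin/. The fourth is blocked only because http.request.uri includes the query string; matching on http.request.uri.path avoids that.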
The Takeaway
Investing time in securing your website is no longer optional; it’s mandatory. The cyber landscape is rife with threats, and it’s our responsibility to protect our virtual real estate. My journey led me to Cloudflare, and the results have been astounding.
Remember, even though you might not be able to afford enterprise-grade security, you’re not powerless. Tools like Cloudflare give us the ability to protect our websites effectively without breaking the bank. Stay secure, my friends!