In this blog, I wrote so many articles related to security parameters of WordPress. This article is about securing WordPress without using too many code hacks and plugins. First connect your wordpress with cloudflare content delivery network. It works in two ways. Cloudflare works as a firewall to your website as well as with its different configurations enabled it can secure your website.
Due to extreme security mechanisms, crawlers, bots are stopped from accessing websites on the first hand and that provides huge boost to website owners as most of their website bandwidth limits did not get wasted out here and it open for real and authentic web visitors all the time.
Cloudflare is the globally distributed network and its server are located worldwide and for this it makes website always on even the original server of website shows download time. Its main aim is to protect the entire internet and for this its dedicated community of web masters and many people are employing this on to their network to make it more viable and more visible in such circumstances.
Cloudflare can be used by any webmasters who do have the choice of hosting. It does not work directly with blog spot or other sub domain considering if you have yours own domain and then followed by sub-domain and if the main domain is connected with cloudflare then the sub domain too can be connected with it considering it should have the main domain in hosting parameters.
If you’re hosting more part is not the partner with cloudflare then also you could easily add cloudflare by changing a name server of domains and it does not take 24 to 48 hours to activate but, it does activate with immediate effect.
Login to your hosting provider and then reach to my account or cpanel login to find the list of orders. Basically, you should find the names of products such as if you have single domain linux hosting and domain registration, codeguard or any other add on, Then click on the name of website to reach to cpanel list of orders and ten from domain registration find the name server which manage the domain name uses.
Then click on it and then it should open manage name servers and from there add the two designated name servers you have from cloudflare while adding website and you should have noted down it and then in the place of existing hosting provider name server you should add cloudflare powered name server and for better security or in the case in the future you wish to change it then it is better to note down hosting name servers at the safer place.
Inside of cloudflare control panel, there had been many tabs and corresponding information attached there on. In the analytics segment, one could find detailed website requests from visitors and cached requests which were meant to be reproduced from cloudflare servers worldwide.
Bandwidth saved from original hosting could be known and that quantity should be there as well as if you have enabled page rules for yours website then it should provide fewer servers to cloudflare as it could cut the costs of hosting as well as that of cloudflare servers to a considerable extent.
The more and more content served from cloudflare servers provides more and more cached resources and more and more savings of bandwidths as well. In this way, cloudflare is now enabled with your domain and this means that, it will speed up website loading time and stay as a firewall so that each viewers and bots will be measured closely before they allow to visit your website.
Most of web hosting does provide additional option of caching of your files so that these loads fast on website. According to cPanel the main characteristics of Varnish, are:
Varnish can speed up your website by up to 3-5x by Caching Static and Dynamic content (Images, CSS, plain HTML, etc.)
Enabling Varnish might result in your local logs and traffic analysis to break
Varnish will not work with https by default
If your website needs to display dynamic data, we recommend you not to enable Varnish for that domain name as it might result into your web site to display inaccurate data
Varnish should not be enabled on the domain name on which you have installed WHMCS or any similar software which requires fresh data on every access.
Optimise Website from cPanel:
According to cPanel,
Optimize the performance of your website by tweaking the way Apache handles requests. Apache allows you to compress content before sending it to the visitor’s browser. The types of content to be compressed are specified by MIME type. This feature requires Apache’s mod_deflate to function correctly. It is advisable to use ‘Compress All Content’ to load website faster.
Hotlink Protection from cPanel:
According to cPanel hotlink protection is:
Hotlink protection prevents other websites from directly linking to files (as specified below) on your website. Other sites will still be able to link to any file type that you don’t specify below (ie. html files). An example of hotlinking would be using a <img> tag to display an image from your site from somewhere else on the net.
The end result is that the other site is stealing your bandwidth. List all sites below from which you wish to allow direct links. This system attempts to add all sites it knows you own to the list; however, you may need to add others.
IP Blocker in cPanel:
There are instances of some internet protocol address from users who constantly trying hard to send you spam messages and you can directly block those internet protocol address from cPanel itself. According to cPanle IP Blocker is:
This feature will allow you to block a range of IP addresses to prevent them from accessing your site. You can also enter a fully qualified domain name, and the IP Deny Manager will attempt to resolve it to an IP address for you.
cPanel Virus scanner:
Use cPanel virus scanner to scan mail, entire home directory where the word press installation has been done, the public web space which will be accessing by viewers and the public FTP space where files are uploaded to server.
Enable Flexible SSL through Cloudflare:
SSL certificate has a public key and private key, after receiving information from host, the servers of cloudflare see the private key installed on the server and then with the available public key it decrypt data and then send it to user’s computer.
In the past we have seen most of critical websites such as banks and government agencies does need huge amount of secrecy of sending and receiving of informations but with due course of time we have seen complete and much growth of use of SSL even in people sites and even Google encourage webmasters to carry out this HTTPS protocol so that internet assets can be well protected and a definite trust should be built upon all website visitors so that internet would be a safer and mightier places to roam around almost.
Before writing this tutorials, all safety measures has been taken but under any circumstances the reader should not blame the writer as this tutorial is for educational process and with it the webmaster could garner and learn about it and then on his or her own idea should start implementing the forms of SSL on their site.
Due to recent Google announcement of giving prominence and importance to SSL or HTTPS as a ranking signal which also enable webmasters to go for SSL or HTTPS but due to high amount of price associated with it most of webmasters does not intended to move to this through hosting provider.
Cloudflare is one of the most dynamic CDN (content delivery network) services which provides huge amount of encouragement for website owners to move towards the possibility of faster web access and now it is offering free SSL to non-HTTPS websites which means it is a boon for most word press websites to make it complete secure.
Different SSL options for cloudflare:
Even free cloudflare users can carry out SSL on their site and this is a great news for users. Cloudflare offers different SSL options such as off, flexible SSL, full SSL, Full SSL strict in its crypto option after adding website with cloudflare. Login to https://www.cloudflare.com/ and then register it and then login to it and then add site from the right hand upper side of its dashboard and then add the site and click continue and cloudflare should scan your site for DNS records for some time.
Then it should show the list of Cname, A records and MX records and then click on the grey clouds beside those and it should become orange cloud and this means now your site is slowly moving to the cloudflare cloud storage.Before implementing cloudflare flexible SSL on yours HTTP site it is important that your site should be fully with cloudflare and for this it is important to change the name servers of your hosting to cloudflare name servers.
It should show the names servers of cloud flare now and it should be two name servers considering the which plan you have been. For personal site the free plan is good and in the future if you wish to shift to other plans can do it without any difficulties. Note down both the name servers of cloud flare and then open cpanel hosting.
Login to it and reach to manage orders and then open domain registration and from there open name servers and click on it and after opening of it you should be seeing the name servers provided to you by hosting provider and then cut both and then change both to the name server of cloudflare which you have written just now and then update name servers.
Name servers are used to point your domain name to your website or email service. Cloudflare should give you at least two name servers and paste those servers and drop hosting name server and wait for one or two hours for DNS propagation to be completed or wait for at least 24 hours and in these time there could have been possibility of yours site could be down for some time but do not worry about it and it should be live while the DNS change from yours hosting to cloudflare DNS change completed.
Now the first part of connecting your site to cloudflare DNS is completed. This means from now on all the A. AAAA, CNAME record of your traffic should be routed entirely through cloudflare system. Before adding cloudflare name server to yours domain name server, it is important to remember to delete hosting name servers and add the two assigned name servers of cloudflare which has been assigned to you and it is important to remove all the other name servers from the system otherwise cloudflare integration with yours website should not start.
Those who have the SSL certificate from the host could carry out full SSL with cloudflare. It could be accessed through after logging into cloudflare click on the name of the site you assigned cloudflare which should be at the left hand top of website. This tutorial is all about learning of how to make flexible SSL through cloudflare on HTTP websites. After clicking on the name of the site in a series of menu buttons should appear from there. Click on crypto to appear its sub menus.
Crypt settings of cloudflare management cryptography settings for your website. The first sub menu of crypto settings of cloudflare is SSL which encrypt communications to and from your website using SSL even without an active SSL certificate and here we should be choosing flexible. The benefits of using SSL are vast and enormous for webmasters. It ensures that the sending and receiving information in encrypted cryptographic tunnels.
The information put forward by visitors remains confidential. Yours website contents have not been modified or stolen while receiving from the server to the client computer. Of course as earlier we have discussed the search engine rankings of your website to get the major boost from it.
Here, I perceive your website is on http and in order to make it https with the help from cloud flare you should be using flexible SSL here there should be an encrypted connection between website visitors and cloudflare but not from cloudflare and your hosting sever.
The benefits to having flexible SSL on your website is that you do not need to purchase expensive SSL certificate on your server and additionally your website visitors should see the SSL Lock green icon on their web browser. You can open https://mohanmekap.com on your web browser to see the flexible HTTPs in action.
If you disable cloudflare settings within yours host by deleting name servers then suo motto the SSL settings of your website should be deleted. In order to keep these settings on cloudflare name servers should be there with your domain hosting provider.
The process of enabling flexible https on your http site
Enable Auto Minify in CloudFlare:
According cloudflare what does Auto Minify do is as follows,
Auto Minify removes unnecessary characters from your source code (like white space, comments, etc.) without changing its functionality. Minification can compress source file size which reduces the amount of data that needs to be transferred to visitors and thus improves page load time.
Cloudflare’s Auto Minify feature may intentionally not minify some scripts under specific circumstances to ensure we don’t create errors in your website code. On these occasions the code will be delivered unminified:
If the file is served from an external service or a domain not powered by Cloudflare (For example Google, Facebook, Twitter, widgets etc). For more, take a look at Does Auto Minify impact third party scripts?
If the file contains .min in the filename
If the file has syntax errors and it cannot be parsed
Inline CSS or JS embedded inside your HTML code will not be minified
Auto Minify will not remove newlines from your HTML but will remove unnecessary whitespace
Enable Rocket Loader in CloudFlare:
Asynchronously loading scripts, including third party scripts, so that they do not block the content of your page from loading immediately
Caching scripts locally (using LocalStorage, available on most browsers and smart phones) so they aren’t refetched unless necessary.
In this article, I convey some of the most common ways to protect your wordpress installation. Most of these comes from the server side or from the content delivery network side and for this only enabling them most of these work nicely. WordPress security is a vast subject and it is difficult to deal with them.
First and foremost if we look closely most of hosting providers does have above mentioned security add ons and if you enabled cloudflare or any other content delivery network for sure you would find that another host of other add ons and some of these add ons I mentioned in this article.