Pros / The thorough help materials, in a useable wiki format, make it easy to get the most out of CloudFlare's rich security and performance features.
Cons / Although it uses advanced security features such as SQL injection protection, it unfortunately doesn't utilize the OWASP top 10 threats in its Pro plan.
Verdict / CloudFlare offers a variety of security options including protection against spammers, SQL injection and cross site scripting.
The idea of combining web security and performance together into one cloud service is relatively new and there aren't many products out there that contain both features. CloudFlare is a website security and performance service that gives you protection against hackers and enhances the speed of your website without emptying your bank account. CloudFlare is the Top Ten Reviews Silver Award winner because it offers protection against SQL injection, as well as well as support for SSL websites. It also uses a global CDN and content caching to improve the speed of your site.
CloudFlare started as a project to track spammers who would harvest email addresses from websites. This focus changed in 2009 to include more security options. They quickly realized that security software slowed site performance too much and for the next year worked not only to minimize performance lags, but to actually speed up a website's performance while offering it solid internet protection. This is how the website security and performance service CloudFlare was born, and we feel it is one of the most effective services out there.
- Data retention
The first group of features we looked at is the security. CloudFlare offers quite a few options when it comes to protecting your website and your customers. Some of the key security elements include protection against SQL injection and cross-site scripting (XSS). These failsafes effectively protect your site from hackers who would attempt to interline their own malicious code into your site's HTML code. The reason you need protection against these is they are attacks against the code of your site. This keeps your customers' credit card numbers and account information safe. We would have liked to see them utilize the OWASP top 10 threats in its Pro plan. This is a list of known security threats and tools to help protect against them. This feature is only available in its Business and Enterprise plans.
Another security feature that is included in this website security service is the blocking options. CloudFlare comes with a variety of options. We found the protection against email harvesting a big advantage. You don't have to worry about listing your email addresses online and having bots pick them up and start spamming you. We were also impressed with the reputation threat protection. This blocks already known malicious threats by recognizing the IP address. If you already have an IP address you know you don't want visiting your site you can specifically add them to a block list.
The last thing you want to happen is to have your customers' computers infected with a virus from your site. In the one-in-a-million chance that hackers do get to your site, CloudFlare has a system set up so that your customers are notified if there is a chance that they could have been affected. This at least gives your visitors a warning if your site has been compromised.
CloudFlare's performance features help to improve your site's speed. Keeping your website running quickly reduces the chance that your customer will get fed up with slow page loads and leave the site before purchasing anything. One of the included website performance features relies on the global content delivery network (CDN). This increases the bandwidth without you needing to add any extra hardware. Since it is global it doesn't matter where your clients are located – they will still receive prompt page loading times.
Another reason why we found this website performance service so useful was the fact that it has automatic static content caching. This can help your site load faster for return customers. They also offer a website preloader which pre-caches your most popular pages and makes load times much faster for your visitors. Along with these two features is another feature that looks at which resources are most used and have them on hand for your customers. This reduces the loading time of these pages.
Because this service has so many features and tools for you to use, there needs to be a smart way to manage and organize them. Along with this is the importance of tools for managing your site. CloudFlare's intuitive web interface is neatly organized and lets you easily manage this powerful software to optimize your site's speed and security. One of the included tools gives you the traffic statistics of your site. By keeping tabs on your traffic you will notice if there is an unexpected drop-off or an uptake in your visitors which can alert you to problems before they get too big or let you know when a campaign worked. If there is a large problem CloudFlare is set up to give you real-time notifications when there is a situation with your security.
Help & Support
You may never need to use the help and support resources for this service, but we advise familiarizing yourself with their ample help center so you can get the most out of this website security service. If you do actually have a problem understanding any of the features, you'll be pleased to find video tutorials and a thorough, searchable knowledgebase with answers to frequently asked questions.
If you need more personalized help you can always go to the community section to get updated information about the product and the company. You can also use the email address to contact the company directly if you have any questions for them. One of the other support features that we really liked about CloudFlare is the fact that they have a company wiki. This wiki contains information on using their website security and performance tools. Anyone with an account can add information to their wiki, so the information is being continually updated.
CloudFlare comes with a whole variety of tools for website security and performance. Some of the website security tools include protection against SQL injection and cross-site scripting. Some of the website performance tools we found especially useful include content caching and global CDN. All of these options are done on the cloud so you don't have to worry about installing any hardware or software, so your site will be secure and quick for your visitors and easy for you to manage.