A technology truism is that things never stay the same. Software needs updates for new features and to fix bugs. There are almost always new security threats. While updates, patches, and stronger passwords help keep you protected, that alone is not enough to protect your website. Another layer of protection for your site is WAF, a web application firewall. Do you need one? Is it expensive? Will it slow down your site? This post will provide a brief overview of the technology and questions small business owners should think about.
What is a WAF?
A WAF is a web application firewall. The term firewall may be a familiar from struggles with your computer. The premise behind a WAF is similar, it adds a layer of defense between your website and all the network traffic that wants to get there. It examines all traffic to your site to separate the good from the bad. It is configured by adding a record to your DNS to direct traffic to go to the WAF before your web server.
Small Businesses & WAF
While it’s a bit confusing to understand, a WAF will help protect you from bad and bogus network traffic.
- Is it expensive?
- It’s more expensive not to implement every security feature your budget can allow. If your site goes down due to an attack, will you loose important customers/clients? Most services I’ve looked at offer tiered pricing and some include a free tier.
- What should I look for?
- If there’s a WAF included in your hosting plan, I’d start with that. It will lead to fewer headaches down the road.
- Do I set it and forget it?
- No, there may need to be some configuration as you decide settings and level of protection.
- Will it slow down my site?
- In theory it shouldn’t. Not all providers are created equal.
- Is it difficult to configure?
- Unless you have a non-standard configuration, it should be straightforward.
- What about privacy?
- I’ve delayed this post a few times as I researched reports on how a WAF could be used to breach privacy. To my surprise I’ve not yet found anything. That’s not to say that it can’t happen. But right now, it seems the benefits to a WAF far outweigh these theoretical privacy risks.
What about that new 184.108.40.206 thing?
Cloudflare is offering a new DNS service, 220.127.116.11. It’s not directly a part of this discussion, but it is important. I’ll discuss it next week!
Now I’m protected?
This is a layer of protection, and these solutions are evolving. It’s not a complete now I can ignore it type of fix, but it shouldn’t require constant monitoring either. Please keep up with your WordPress updates.