CloudFlare... What's your experiences? Is it necessary?

25 replies
Hi guys,
Someone I know has just suggested that it is vitally important that I have my websites running through CloudFlare's service to stop a DoS happening ('Denial Of Service' I just learnt haha) for anyone new to this like I am, here is the Wiki page:
Denial-of-service attack - Wikipedia, the free encyclopedia

I have had once of my websites hacked with porn pages, my host quickly sorted it out for me, and recently had another website hacked with a page that just said "Gabby was here " while it played a song, this site was a blank domain so the motives for this one seems ridiculous (why don't they put their efforts into IM haha).

Anyway...

CloudFlare...

A necessity?
#cloudflare #experiences
  • Profile picture of the author NatesMarketing
    I recommend Cloudflare...but...really it sounds like you have a much worse security flaw than what Cloudflare may be able to protect against.

    Is your password 1234 or pass?!

    And I'd also follow dearfriendvn's advice...as - I feel you have a bigger underlying problem.
    {{ DiscussionBoard.errors[9348507].message }}
  • Profile picture of the author IMMer1975
    I LOVE CloudFlare for a number of reasons. Yeah, the free plan has a limited DDoS protection, the protection against certain malware is nice, the cacheing of static files and its ability to be a CDN its really cool...I have a very large site so the benefits of CF are big.

    The best part about CF however is its blistering fast DNS propogation...meaning when I need to change hosts, I simply update by DNS is CF and its updated in seconds, as compared to the up to 72 hours with any traditional domain registrar.

    Regardless as said above, being hacked is not going to be prevented by CF. You've either got a easy guessable password, malware installed on your site or they're exploiting a known vulnerability with the software you're running.
    Signature

    Pssst...want to learn how to build marketing funnels in Mautic marketing automation to propel online conversions?

    Or are you interested in learning Wordpress? Check out my free video courses here. Taken by over 25,000 students on Udemy.

    {{ DiscussionBoard.errors[9348527].message }}
  • Profile picture of the author Adie
    Cloudflare is very good if your site has large traffic. All other benefits are already explained above. Ddos is very rare and it s not also cheap to launch ddos.
    Signature



    Moderator's Note: You're only allowed to put your own products or sites in your signature.

    Signature edited.
    {{ DiscussionBoard.errors[9348536].message }}
  • Profile picture of the author ecoverartist
    I really like Cloudflare, although its free plan only provides limited protection. If you're running a CMS like Wordpress, it's a good idea to have another security plugin installed (like Wordfence).
    {{ DiscussionBoard.errors[9348608].message }}
  • Profile picture of the author Amer A
    Hi charliemwallace

    Cloudflare is not necessary, from my personal experience.

    Regards

    Amer
    Signature
    www.plr-reseller.com is a Membership Website Offering eBooks; Software and Videos with Resell Rights, Master Resell Rights and Private Label Rights.

    www.popupsalesengine.com Save designers fees, create your own Popups in minutes with Popup Sales Engine.
    {{ DiscussionBoard.errors[9348652].message }}
  • Profile picture of the author BizOnTheWeb
    Many hosts now include CloudFlare for free, which is great. I don't know that it's worth paying $50/month for on your own, however. But it all depends on your Website, its content, and how fast you need it to load (or how reliable you need it to be). CloudFlare has been a very successful company because they're meeting a very real need for a segment of Websites that require such a service.
    {{ DiscussionBoard.errors[9348953].message }}
  • Profile picture of the author damoncloudflare
    Originally Posted by charliemwallace View Post

    Hi guys,
    Someone I know has just suggested that it is vitally important that I have my websites running through CloudFlare's service to stop a DoS happening ('Denial Of Service' I just learnt haha) for anyone new to this like I am, here is the Wiki page:
    Denial-of-service attack - Wikipedia, the free encyclopedia

    I have had once of my websites hacked with porn pages, my host quickly sorted it out for me, and recently had another website hacked with a page that just said "Gabby was here " while it played a song, this site was a blank domain so the motives for this one seems ridiculous (why don't they put their efforts into IM haha).

    Anyway...

    CloudFlare...

    A necessity?
    If you do signup for CloudFlare, we do have some helpful tips about dealing with an attack.

    If you are getting hacked the Web Application Firewall could help with that.
    Signature
    {{ DiscussionBoard.errors[9349350].message }}
  • Profile picture of the author WPExpert
    Originally Posted by charliemwallace View Post


    CloudFlare...

    A necessity?
    I use it for all my sites. Its free, so why wouldn't you?

    The biggest problem with trying to unhack your website is that the infection or code-injection or whatever it is that is the root of the problem, may well not have come from your website in the first place.

    Anything you can do to stop it gaining access in the first place has got to be good for you.

    And cheap shared hosting providers now regularly take the least cost route and simply block you from access until you get fed up with their endless and pointless automatic emails, and just drift away.

    Then they can wipe their hard disk and start again with a new piece of Internet real estate.

    The secret is to get someone who knows how to protect your site for you and avoid the issue in the first place.

    Sooner or later you will either learn how or find someone you can trust.

    Terence.
    Signature
    Sales & Marketing Websites | QloudPressâ„¢ - When Your Website Is Mission-Critical
    {{ DiscussionBoard.errors[9366893].message }}
  • Profile picture of the author aire
    Let me give you the most honest answer: Do not use it. Get a good server, optimize it better.
    CDNs affect SEO even if many companies claim they do not.
    {{ DiscussionBoard.errors[9366899].message }}
    • Profile picture of the author damoncloudflare
      Originally Posted by aire View Post

      Let me give you the most honest answer: Do not use it. Get a good server, optimize it better.
      CDNs affect SEO even if many companies claim they do not.
      Using a CDN should actually help your SEO & not harm it. Search engines also have special rules in place for sites that are using a CDN.
      Signature
      {{ DiscussionBoard.errors[9436541].message }}
    • Profile picture of the author BestSEO
      Originally Posted by aire View Post

      Let me give you the most honest answer: Do not use it. Get a good server, optimize it better.
      CDNs affect SEO even if many companies claim they do not.

      WORST ADVICE EVER!!!!!!!!

      I have several servers and they are top end and I only use cloudflare because of the way it works, the protect, the SEO, the SEM, ---BENEFITS ARE INSANE!!!---

      USE cloudflare and protect your site/investment!
      Signature
      Lead Gadget & https://join.theatm.us
      The network of the future here today!
      Where you use THE ATM and suck leads in like no other APP has ever done!
      {{ DiscussionBoard.errors[9449901].message }}
  • Profile picture of the author vishwa
    Yes! Cloudflare is very reliable. It boost up your site and protect you from spam and DDOS attack. But I hate their free plans as it will literally slow down your website.
    Signature

    Blogging Tips & Tricks @ https://blogwithvk.com

    {{ DiscussionBoard.errors[9366911].message }}
  • Profile picture of the author origin
    I have had client sites DDOS attacked and unless you are on the $200 pm plan Cloudflare is not going to help you. So if you are worried about DDOS and looking to sign up with them for that purpose, you are looking at $200 pm at least per site.

    Having said that, if you have a run of the mill website and are not in controversial niches like religion, politics, adult and other sensitive topics you should not worry too much about DDOS. I have over 400 websites under my control and over the past 10 years only 2 "controversial" sites were attacked by some rainbow warriors.
    {{ DiscussionBoard.errors[9436941].message }}
    • Profile picture of the author damoncloudflare
      Originally Posted by origin View Post

      I have had client sites DDOS attacked and unless you are on the $200 pm plan Cloudflare is not going to help you. So if you are worried about DDOS and looking to sign up with them for that purpose, you are looking at $200 pm at least per site.

      Having said that, if you have a run of the mill website and are not in controversial niches like religion, politics, adult and other sensitive topics you should not worry too much about DDOS. I have over 400 websites under my control and over the past 10 years only 2 "controversial" sites were attacked by some rainbow warriors.
      We actually provide DDoS protection to everyone via I'm Under Attack mode. This feature is available to everyone, including those on a free or Pro plan. The Business and Enterprise plans are the only ones where we guarantee the DDoS protection, however.
      Signature
      {{ DiscussionBoard.errors[9440004].message }}
  • Profile picture of the author NobleSavage
    Google crimeflair
    {{ DiscussionBoard.errors[9437627].message }}
  • Profile picture of the author LuckyIMer
    I am using it and it is good for filtering traffic and also it can help in DDOS attacks.
    {{ DiscussionBoard.errors[9437747].message }}
  • Profile picture of the author kpmedia
    Independent trials have again and again shown it to more likely SLOW DOWN sites, not speed them up.

    Furthermore, their "security" has been known to block legitimate traffic from sites, meaning you lose money. There are much better ways to secure sites.

    The DDoS protection is very weak. Quality DDoS costs $$$ per month, from a company like Black Lotus. Nobody can give it away for free. It's a CF upsell is all that is.

    And if you want a good CDN, then again pay for one. A quality CDN is going to be at least $10 per month or more -- not free.

    They've had lots of downtime issues in the past as well.

    You get what you pay for.
    {{ DiscussionBoard.errors[9438064].message }}
    • Profile picture of the author damoncloudflare
      [QUOTE=kpmedia;9438064]Independent trials have again and again shown it to more likely SLOW DOWN sites, not speed them up. "

      There are plenty of cases online where customers state we help speed up their site. We also wouldn't have large clients, those that have been with us for a long time I might add, if we were consistently causing performance issues (4chan, Metallica, etc.) We also wouldn't have been able to partner with most of the larger hosting providers in the world if we were consistently causing issues as well.

      "Furthermore, their "security" has been known to block legitimate traffic from sites, meaning you lose money. There are much better ways to secure sites."

      You don't seem to understand how it works, unfortunately. There are two things that would lead to challenge behavior:

      1. The IP address the visitor is on has shown problematic activity online recently (spammer, exploit attacker, etc) from data sources like Project Honeypot. This would present a challenge page to a visitor on that IP & they can still enter the site by passing the captcha.

      The challenge page is also good at stopping bad bots, since most bots are not capable of passing a challenge page.

      Note: The challenge page isn't a *block*. A legitimate visitor simply has to enter the captcha.

      2. The Web Application Firewall. A visitor triggered a rule from the OWASP Top Ten.

      Any security solution, not just CloudFlare, can have false positives. Site owners do have the option of overriding behaviors by (a) whitelisting the IP of the visitor, or (b) changing the security level settings and/or rule sets that are triggering the behavior.

      "The DDoS protection is very weak. Quality DDoS costs $$$ per month, from a company like Black Lotus. Nobody can give it away for free. It's a CF upsell is all that is. "

      We absorbed what was probably the largest DDoS attack in history at the time and have absorbed attacks at 400 gbps.

      "And if you want a good CDN, then again pay for one. A quality CDN is going to be at least $10 per month or more -- not free."

      CloudFlare isn't just a CDN.

      "They've had lots of downtime issues in the past as well."
      Not really. While we may have temporary issues in some data centers related to attacks or upstream provider issues (not within our control on that), we haven't had any network wide issues in quite some time. We are also very transparent when we think an issue might impact some customers, so we actually tend to over communicate about a known issue.
      Signature
      {{ DiscussionBoard.errors[9440032].message }}
  • Profile picture of the author thefulltimer
    We've been using CF paid for quite a while now. I think if you are just starting out and you don't have any real investment of time or money in the site right now, it's not a must.

    If you start making money, getting more traffic and you want to protect your investment, then I'd go the paid route. Their free version I don't think is that great.
    {{ DiscussionBoard.errors[9438237].message }}
    • Profile picture of the author damoncloudflare
      Originally Posted by thefulltimer View Post

      We've been using CF paid for quite a while now. I think if you are just starting out and you don't have any real investment of time or money in the site right now, it's not a must.

      If you start making money, getting more traffic and you want to protect your investment, then I'd go the paid route. Their free version I don't think is that great.
      What do you think should be in the free version? There's actually quite a lot offered to free customers free of charge, so just curious as to what you think should be there.
      Signature
      {{ DiscussionBoard.errors[9440036].message }}
  • Profile picture of the author vishwa
    I am just curious to know about How cloudflare works with Godaddy managed WordPress Hosting? I am using Godaddy managed WordPress hosting and happy with them never face any problem or downtime issues. But Really want to try cloudflare on it.
    Signature

    Blogging Tips & Tricks @ https://blogwithvk.com

    {{ DiscussionBoard.errors[9440951].message }}
  • Profile picture of the author xrobot
    CloudFlare , the best DDOS attacked protection
    {{ DiscussionBoard.errors[9441071].message }}
  • Profile picture of the author denharsh
    It's perfect and highly recommended. You get many features for free and will speed up your site.
    {{ DiscussionBoard.errors[9448143].message }}
  • Profile picture of the author AndreVas
    Use CloudFlare gladly... mainly because it dramatically increased speed of my website. Obviously resulting in more sales. At least 5% if I were to guestimate.
    Signature

    "There is nothing either good or bad, but thinking makes it so." - W. Shakespeare

    {{ DiscussionBoard.errors[9450310].message }}
  • Profile picture of the author samk2824
    Its Really Good To Have CloudFlare Installed In Your Site...
    It Speed Ups Your Site Load Time
    Saves Your Site From DDOS Attacks And Other Attacks...
    Make Your Site Live In Hosting Issues Too...
    {{ DiscussionBoard.errors[9451981].message }}

Trending Topics