TL; DR: Let’s be honest — most site owners don’t have the IT expertise to adequately protect their websites from security threats. While they might know that speedy page loads help business, they don’t have a clue how to make it happen. In light of this, industry-leading security and optimization company CloudFlare continues to evolve with the latest threats, standards, and technology. Now offering IPv6, HTTP2, and Server Push, along with a new WordPress plugin, web application firewall, and Universal SSL licenses, CloudFlare touts products that make a major difference with minimal effort from site owners and hosting providers alike.
It’s no secret that site owners typically don’t think about security until it’s too late. Even if they know about the importance of having a secure and stable website, they might not know the best or most current practices to keep their site safe.
The same can be said for a site’s performance and optimization, which can have drastic effects on a business’s revenue, according to CloudFlare Partner Account Manager Ashley Gorringe.
“A lot of people don’t think about these issues, particularly around DDoS, until they’re actually under attack,” he said. “In many cases, new customers are coming to us as a reactive measure.”
CloudFlare, which established themselves as leaders behind a next-generation CDN, lightning-fast DNS, and comprehensive threat protection, continues to churn out new features that make security and performance easier to achieve right from the start.
“We’re focused on making life easier for hosts and their end customers. Most site owners using CMS platforms like WordPress or Magento aren’t that technical,” Product Manager of Partnerships Rahul Mahajan said. “With CloudFlare’s new plugins for WordPress and Magento, we’re making optimizing and securing their websites 1-click simple, so they can focus on their blog or business and not have to worry about the technical details.”
Classic CloudFlare: CDN, Optimization, DDoS, DNS, & Security
CloudFlare enhances web performance with both a state-of-the-art CDN that places static content closer to site visitors and several web content optimization products.
On the product front, some of our favorites include:
- Rocket Loader minimizes the number of network connections.
- Polish and Mirage optimize images.
- Railgun accelerates dynamic content that was previously uncacheable.
With roughly 90 datacenters spread across the globe, CloudFlare’s CDN makes sure customers’ websites are always available and performing at their best.
“We have that constant drumbeat of all our new datacenters that we’re launching,” Ashley said. “It’s a great way for us to talk to and reach new geographical markets.”
The company’s strong network, proprietary software, and custom-built hardware means that DDoS attacks — escalating in both size and frequency in the last few years — aren’t much of a concern to CloudFlare customers.
“CloudFlare’s sheer scale helps thwart even advanced and large DDoS attacks,” Rahul said.
CloudFlare’s network has defended against sustained attacks of more than 400 Gb/s and can get affected sites back online within minutes.
What’s more, CloudFlare powers more than a third of managed DNS domains and serves 43 billion DNS queries per day, making it one of the largest authoritative DNS networks in the world.
New for 2016: IPv6, HTTP2, WordPress Plugin, & Universal SSL Updates
As technology and security threats change, so do CloudFlare’s offerings. Here are some of the company’s newest products and initiatives this year:
Speeding Up a Growing Internet with IPv6, HTTP2, & Server Push
One of the fastest-growing providers of IPv6 connectivity, CloudFlare has helped nearly one million websites join the modern communications protocol.
The company had been offering IPv6 support and a gateway since 2012, but the company recently enabled IPv6 support by default for all customers, making the transition as smooth and painless as possible.
Also new this year is Server Push, a feature of HTTP2 that allows a server or edge network to send resources to a web browser preemptively. A more efficient equivalent to inline assets, HTTP2 and Server Push minimize the number of HTTP requests and allow multiple assets to be cached independently.
Adopting HTTP2 alone speeds up your website dramatically — a demo on CloudFlare’s website showed that HTTP2 was able to load an image nearly 11 times faster than HTTP1.1.
New WordPress Plugin Means 1-Click Optimization & Security
In another effort not to overwhelm site owners with security and performance metrics, CloudFlare developers packaged the best WordPress-specific settings and features into a plugin that users can activate in just one click.
“You don’t have to think that much more about it at all,” Rahul said, adding that more advanced users will be able to access additional features and services if they’d like. “What that plugin is doing is really encapsulating all of CloudFlare’s benefits in one very-easy-to-use interface for site owners who may not want to think as much about the complex details.”
Due out any minute now, the new CloudFlare plugin will automatically purge CloudFlare and WordPress caches after successful website updates.
Web Application Firewall Boosts Security Without Slowing Down Your Site
As another layer of security for platforms such as WordPress or CoreCommerce, CloudFlare built their web application firewall (WAF) with built-in rulesets tailored to mitigate attacks specific to individual CMS vulnerabilities. While the WAF protects against overall security threats such as SQL injection, comment spam, and cross-site scripting, it also takes the stress out of updating the CMS to a potentially unstable version.
“We’ll actually attach those rulesets before the upgraded CMS is out in the wild or when they’ve just been released,” Ashley said. “For customers worried about upgrading because of the big concern of it upsetting their CSS, they automatically get protection.”
Universal SSL & the Push to Help eCommerce Merchants Reach PCI Compliance
CloudFlare’s web application firewall meets all security requirements for PCI compliance, the standard for accepting online credit card transactions. Tapping into the booming eCommerce market has been a major focus for CloudFlare, according to Ashley.
“PCI compliance is a great way for us to start conversations about security and performance, particularly as it relates to eCommerce,” he said.
As part of their Universal SSL effort to encrypt as much web traffic as possible to prevent data theft, CloudFlare enables SSL by default for all customers — including those on the free plan.
“People are just used to seeing the lock icons and https in their browser bars,” Rahul said. “For their customers to trust them, they need SSL.”
CloudFlare is Committed to Creating a Stronger, More Secure Internet
Since launching in 2010, CloudFlare Co-Founders Matthew Prince, Lee Holloway, and Michelle Zatlyn have grown the company to more than 300 employees in six office locations. Currently located in San Francisco, CA; Austin, TX; London, UK; Champaign, IL; Washington, DC; and Singapore, Ashley said the company is looking to open additional offices later this year.
CloudFlare employs a team heavy with engineers and developers to keep up with the technical nature of the company’s products and the problems they’re looking to solve.
At the end of the day, however, Rahul said that all the complexity and technology boils down to CloudFlare’s mission: Build a better Internet.
“Everything we do ties into that mission,” he said. “Our Co-Founders and CEO are extremely passionate about that, and it trickles down throughout the organization.”