Securing and Accelerating Your Niche Sites With CloudFlare

| June 21, 2012 | 0 Comments

Recently I’ve been looking at a few items that could use improvement in my niche site portfolio:

Speeding up the load time of my niche sites in my portfolio to improve user experience.
Tightening overall security across the board, since you can never be too secure with WordPress.

I’ve been treating those as two distinct problems and looking for solutions to both. Little did I know that there was one solution that could satisfy both issues.

Increasing Site Speed

With regards to speed, I wanted to increase the user experience by decreasing page load times because I happen to use shared web hosting to host most of my sites. In niches where you are separated by mere inches from your competitor, having every advantage that you can get is ideal. Page loading speed is also important as a ranking factor as well.

Google has a nifty tool to measure the page speed of an individual page on any website, located here: https://developers.google.com/speed/pagespeed/insights. You get a score from 0 to 100, higher meaning the faster your web page loads. For the most part I can score from the high 80s to low 90s without any optimization. This makes sense since most of the themes I use are lightweight anyway and I try not to use a lot of plugins.

But, I wanted to see if I could push this number just a little bit higher if at all possible. I ran the tool against some competitors and we scored about the same, so I wanted an edge here.

Increasing Security

When it comes to security, WordPress as a CMS doesn’t exactly get the highest amount praise for being totally secure out of the box. I’d been using a series of plugins to help lock down each of my sites, and also been using WordPress File Monitor to keep an eye out for malicious activity.

The unfortunate thing about the latter plugin is that while it does alert you for file changes, it tends to do this so often that you end up with information overload. I don’t have time to read reports for multitudes of sites on a daily basis, so I needed some way to operate more efficiently.

Enter CloudFlare

CloudFlare is a hosted website security and acceleration service that works by routing web traffic through their DNS servers first before it is served to the destination. Not only do they protect against malicious threats, scripts, and exploits, but they also do performance optimization so that your website loads faster.

What’s great is that they have a free plan that allows unlimited websites to be added to their service. If you need more speed and more security, you can upgrade to a paid version.To be honest, I came across these guys before and implemented for my personal blog, but at the time I genuinely thought that you could only add one website in the free plan. When I found out that you could add more, I was stoked! So I decided to try a few of my sites to see it worked well on a larger scale. At the very least, my sites were going to be more secure, but I also hoped that I could squeeze a few Pagespeed points out of the acceleration features as well.

Adding Webites to CloudFlare

After you’ve signed up with them, the main dashboard interface will allow you to add sites at will. You will need to know how to modify DNS server entries at your registrar (e.g. GoDaddy, Namecheap, etc.) so if you don’t know how beforehand make sure to read up on that.

Adding a site is as simple as entering the domain name into the dashboard:

Adding a domain to the CloudFlare interface

Click to enlarge

Once you add the site and continue, CloudFlare will scan your website’s current DNS records so that it can copy them over. This process takes about a minute or so. Once done, you can simply continue.

Scanning DNS records

Scanning DNS records – click to enlarge

New domain scanned

New domain scanned – click to enlarge

The next thing that you’ll see is a list of the DNS records that CloudFlare found from your current registrar. One of the neat things that you can do is opt to pass traffic through CloudFlare’s servers or direct through to your site via separate DNS entries. This is if you have a special need that requires you to access your website directly instead of having it screened first through CloudFlare. You may have some kind of special web application that doesn’t work with CloudFlare (think outside of the WordPress bubble for a minute here) and so you can enter in a new DNS record to get to your site directly. Pretty cool that you can still have the backdoor open, so to speak, although at the compromise of some security. This is your choice whether to do this or not.

DNS records all scanned into CloudFlare

DNS records all scanned into CloudFlare – click to enlarge

The next thing to do once you’ve confirmed your DNS entries is to choose your CloudFlare plan, Performance settings, and Security settings. I just use the Free plan for now as it’s good enough for my needs, but you may need a higher plan if you want more security and speed.

CloudFlare Settings

CloudFlare Settings – click to enlarge

For the Performance dropdown, it defaults to the “CDN only (Safest)” setting. I tend to change this to the Medium setting so that it performs some Javascript optimizations as well. It hasn’t broken any functionality that I can see with my themes or plugins. It also works with my AdSense, Infolinks, and Media.net codes.

Performance Settings

Performance Settings

For Security, I tend to leave this at the Medium setting. One of the problems I’ve been having lately are people scraping my sites with Scrapebox or other tools to steal my content. One of the cool things that CloudFlare can do is that you can present the offending scraper with a captcha prompt if they want to continue to the target site, assuming they make repeated automated visits. Most scrapers will use decaptcher services anyway, but they do cost money. Admittedly this is pennies per captcha solve, but hey, if you’re gonna steal and spin my content anyway I might as well charge cover admission (indirectly of course). Someone on my host has been DDoS’d before, which took down some of my niche sites late last year, but CloudFlare mitigates against that as well even at the lowest security setting.

Security Settings

Security Settings

The next thing that you’ll need to do is update your DNS servers. This has to be done at the registrar level. CloudFlare will give you two new entries to replace the ones at your registrar. Typically, if left at default, you’ll have something like ns43.hostgator.com and ns44.hostgator.com, or something to that effect. What you would have to do is to go into your admin/management screen at your registrar and change these to the ones that you get from CloudFlare. Make sure to save the changes and then continue through the setup process back at CloudFlare once you do.

Update DNS at your registrar

Update DNS at your registrar – click to enlarge

Once that’s done you’re taken back to the dashboard. It could take up to 24 hours for the change to complete properly, but for the most part it takes much less time than that. Depending on your DNS provider, you should have a screen similar to the below once you go to update your entries:

Updating DNS at Internet.bs

Update your DNS at your provider

All done:

CloudFlare Setup Complete

CloudFlare Setup Complete – click to enlarge

Testing the Speeds

Head on over to the Google Pagespeed site and give it a whirl. Enter the domain in the text box and hit the Analyze button. In a few moments you should get your score, something like this:

Google Pagespeed Results

Google Pagespeed Results – click to enlarge

For this website, I got a score that was 92 out of 100. Not bad considering that I haven’t done any other form of performance optimization on the site, as it’s all being done by CloudFlare. I could probably push that a few points even higher if I chose the fastest performance setting as well as addressed the Pagespeed suggestions from Google in the results screen.

For reference, when I originally ran the Pagespeed test, I scored 90 out of 100. This site is pretty lightweight though, since it’s running Chris Guthrie’s and Spencer Haws’ Niche Website Theme.

Advantages of CloudFlare

For the price (free if you want, paid otherwise) I think that it’s pretty hard to beat CloudFlare’s services. They have a very simple process to add your sites to the service, and even if you’re non-technical you can work with your DNS or hosting provider to help change the DNS server records to what you get from CloudFlare.

I really like the captcha prompts to help against spammers/scrapers too. It’s not a deterrent so much as it is a nuisance, but every bit helps.

One of the other cool things is that CloudFlare will also give you nice dashboard view of analytics, as seen below. You can view all your sites or one at a time to see what kind of traffic has gone through (regular, crawlers/bots, and threats). You’ll notice that every time a new WordPress exploit comes out that you’ll see a spike in traffic, for example.

In addition, it does have some nifty features like Clicky integration, if you don’t happen to use Google Analytics. I wasn’t able to try this, but if you’re looking for more in-depth reporting then it is indeed possible with CloudFlare.

If the CloudFlare servers are ever down, there is email notification of when that happens. Hopefully it never happens to your sites, but it’s possible. I’m happy to say that this feature is present in the free plan.

For programming nerds, they also happen to have an API that also doesn’t seem to cost anything as far as I can tell. This means that you can interface with the data within your CloudFlare dashboard to develop custom tools and reports if you so desire.

Lastly, they even have a free WordPress plugin that enables more features that adds server database optimization as well as IP address security features and some spam protection.

Disadvantages of CloudFlare

The most obvious downside is the introduction of yet another point of failure for your niche sites. If the CloudFlare servers were down, then of course your sites would be as well. But again, there is notification of this even in the free version at least.

Another disadvantage is that your data travels through yet another set of eyes. If you are dealing with sensitive information then you may not be able to leverage their services because of organizational compliance (I’m thinking beyond niche sites for a moment here).

While the free version is good, the paid version can get very expensive quickly. The next level up is the Pro version, which is $20/month for the first website and subsequently $5/month for each additional website. If you have a lot in your portfolio this can escalate very fast, and may not be worth it to you. Although you never want to compromise on speed and security ideally, it may not be cost effective for you unless you require acceleration for mobile devices, real-time stats, and the other features found in the paid versions.

The Bottom Line

I think that CloudFlare is great addition to your arsenal of tools to help speed up your niche sites while increasing security all around. Its numerous features are available at an extremely attractive price ($0) while leaving the really premium features out at a premium price. In other words, you don’t have to pay for stuff that you really don’t need on a small scale. If you do happen to need the premium features, then you aren’t creating small niche sites now, are you?

Give it a try for free here: www.cloudflare.com

If you enjoyed this post, please consider leaving a comment or subscribing to the RSS feed to have future articles delivered to your feed reader.

Tags:

Category: Productivity

Leave a Reply

Your email address will not be published. Required fields are marked *