When I first started blogging, security was the last thing on my mind. I figured that hackers were only out to get big sites like Basic Blog Tips and Pro Blogger, but that simply isn't true.
Hackers try to get into all blogs – big and small – but it wasn't until my friend Enstine's blog got hacked that I took action.
At this time, I saw that a lot of bloggers were raving about this plugin called Better WP Security which essentially protected your WordPress blog from almost any kind of malicious attack. It blocks out people trying to log into your WordPress dashboard, leave spam comments, access your .htaccess file, or any other kind of hacker-like attack.
About a month ago, I saw Justin of Dragon Blogger talking on Facebook about a new service he was using called Incapsula. I decided to sign up (it's free) and give Incapsula a try.
What Is Incapsula?
Most bloggers know about content delivery networks such as Cloudflare or Max CDN. Incapsula is essentially the same in regards to their content delivery services, but they also have advanced security features set in place to protect your website from hackers, spammers, and other bad guys.
The best way to visualize Incapsula is to think of it as the “middle man”. Incapsula sits between your server and your reader, so instead of your user's computer asking your server to deliver your blog's pages directly, it asks Incapsula and then Incapsula talks to your server. So instead of all kinds of malicious people having direct access to your servers files, they have to go through Incapsula to get the content. If Incapsula thinks the person trying to access your site is malicious, they will lock them out.
In addition to protecting your server, Incapsula also gets rid of some of the server load. Instead of 100,000 people requesting the same exact page directly from the web server, Incapsula will only request it once and then deliver it to those 100,000 people. Depending on the amount of views your website gets, this can drastically decrease the amount of bandwidth you are using up with your web host.
Does Incapsula Actually Work?
After being active for just 7 days on my blog, Incapsula picked up the following statistics:
- Human Visits (all humans that visit the site): 21,284
- Bot Visits (all bots including search engine crawlers, Alexa, etc): 8,212
- Bad Bots (the malicious bots): 568
- Illegal Resource Access (trying to access files like .htaccess): 6
- SQL Injection (someone trying to ruin the database): 1
- Cross-Site Scripting: 1
After looking at these statistics, it scares me somewhat. After just one week, I had 29,496 views (human + bots) on my blog. Although less than 2% of those viewers were bad bots, those are still potentially malicious attacks directed towards my website.
If this were the statistics for a large site like Basic Blog Tips, the percentage would probably be much higher.
Also, Incapsula is showing that they have 2.6GB of my website cached so that's taking a large amount of server load off my web host.
Setting Up Incapsula
Setting up Incapsula is free and takes only a few minutes.
Unlike Cloudflare, Incapsula requires you to change your DNS settings instead of your name servers, so you will experience absolutely no downtime.
Incapsula works on websites with static HTML pages, WordPress blogs, forums, etc. I am currently using it on a static HTML, CSS, and JavaScript website, two WordPress blogs, and a XenForo-powered forum.
With all the free benefits that Incapsula supplies, it would be silly not to use it.
Have you tried Incapsula, what do you think about it?