When you are choosing how to protect your website there are a few different options. But in the main, the goal is to have a firewall between the wild west of the internet and the peaceful internal world of your website. That firewall can either be local, as in it’s installed right on your website. You’ll see this type of firewall called an Endpoint Firewall. Or it can be a cloud, or remote, firewall. There are good arguments for both. However, after looking at the pros and cons of both of them we’ve come to believe that a local, or endpoint, firewall makes more sense to us and has advantages that the cloud firewall can’t provide. Out of the options for an endpoint firewall we have chosen to use WordFence as the security system we use on every site we build.
WordFence has a really good free version that will do an excellent job without any increased costs. It also has a premium version with an annual fee, but is absolutely worth the investment if you have anything on your website that you want to keep safe and running smoothly all the time.
The differences between Cloud vs Endpoint Firewalls
Since you likely don’t really care all that much about the differences other than to know the one we choose is a good one, I’ll be brief.
First, there are no actual “clouds” involved in a cloud firewall. It is just a server that is sitting in a data center. Our concern about this stylle of security is this; for the cloud firewall to check your traffic for bad things, your website traffic goes from your visitors through the internet to the data center and then back out over the internet again to your website. That loop provides the opportunity for the traffic to be tampered with.
The Wordfence firewall runs right on the server it is protecting. That means the traffic that comes to your site is forced to go through it and can’t be bypassed as it goes back and forth over the internet. Your traffic is only going from your site visitor to your server. You have control over your firewall and it is not shared by any other website. You aren’t depending on someone else’s servers or data center.
Secure Your Site’s Outer Edges
At Holtslander Communications we have chosen to apply security using the endpoint system Wordfence provides. Wordfence provides an excellent firewall that is continuously updated. Premium customers receive firewall rules in real-time and free users receive new rules 30 days later.
Wordfence includes a malware scanner. Cloud firewalls typically only provide firewall functionality – they do not have the ability to scan your website for malware. Again, Premium customers receive malware signatures and rules updated in real-time as new threats emerge.
Wordfence also provides a range of other features
- two factor authentication,
- brute force protection,
- country blocking
- IP blacklist (Premium)
- and more.
Wordfence only protects WordPress websites, so the information they track and develop defences for is specific to WordPress. They are significant participants in the security community and hear about developing threats and the latest methods for targeting WordPress websites. We’ve been very impressed by how quickly they move to block those threats.
Our strong recommendation is to install the free version of Wordfence immediately to secure the perimeter of your website. We also strongly encourage you to consider upgrading to Wordfence Premium to receive real-time firewall rule and malware signature updates as well as the protection of their real-time IP blacklist.