Product: Cloud Defender
Product Type: WordPress security
Price: $15.78 (dime sale – price rises by $0.01 every 10 sales)
Where To Buy: Click here to go to the sales page
Guarantee: 30 Day Money Back Guarantee
My Rating: 4.8 out 5
The Video Version of This Review:
The Cloud Defender Overview
In my previous post, I talked about why securing your WordPress site is vitally important these days.
I also mentioned the increasing importance of using SSL certificates both to enhance the security of your site along with the rankings boost it will provide in Google.
In this post, I’ll review a new WordPress security tool that will help harden your sites against hackers.
Cloud Defender, which comes from Matt Garrett, consists of 4 WordPress plugins and training on how to set up a free Cloudflare account to maximize your site’s security protection.
The Cloud Defender Developer Product
Training for this product is provided in a PDF document. This is a dime sale, so the price does go up after a number of sales. At the time this post was written, the package cost $15.78.
It’s worth pointing out that this is the Developer version of the package, so you are able to resell it as a service to as many clients as you choose. However, you cannot use the Cloud Defender branding or sales materials. You also cannot sell the rebranded service on JVZoo, Warrior Plus, Zaxaa, Nanacast, Clickbank or ClickSure.
You must change the product name and rebrand it in order to offer ongoing web security services to any client with a WP site, in any niche.
Selling the rebranded service via your own website or on a mailing list would be fine.
Cloud Defender Training
There is some complexity in setting this system up. It’s not just a matter of installing the 4 plugins and you’re done. Cloudflare plays a significant role in the security measures you’ll be implementing.
However, all training relates to setting up and configuring a free account on Cloudflare, so there are no additional fees to worry about.
You can choose to set up a Cloudflare account for each of your websites or set up a single account where you can manage all your websites. While this latter option makes site management easier, it does mean all your eggs are in one basket and should your Cloudflare account be hacked, then all your sites’ security options will be available to be tampered with.
To combat this issue, the training suggests that you implement 2-Factor Authentication (2FA). In fact, it’s a good idea to use 2FA on any account that holds a valuable resource (like your Gmail account, etc).
The training guide is 58 pages long. It covers everything from describing what Cloudflare is all about to how to configure its various security options and how to install and configure the 4 plugins.
- CloudFlare Setup & Securing Your CloudFlare Account
- DNS Settings & Security
- Firewall Settings
- Speed Settings
- Cache/CDN Settings & Page Rules
- Network Settings
- Installation of the 4 plugins
- Introduction to SSL and free SSL Cert installation
Once you’re familiar with the setup process, it shouldn’t take more than a few minutes to add a new site to your Cloudflare account and configure its security options.
Having the ability to offer this service to clients could be a money-spinner. This is “Black Magic” stuff as far as they’re concerned! 🙂
Improving Site Performance
While Cloudflare is primarily a WordPress security service, it can also speed up your site as well. Every second counts when a page is loading.
There is a Minify option that might mean you can dispense with caching plugins like Autoptimize or the Minify section of W3 Total Cache. I haven’t deactivated these on my own sites but I am also using Cloudflare’s Minify option.
Testing Site Speed
It’s a good idea to check how much of a boost Cloudflare has given to your site. Temporarily take it out of the Cloudflare network and run a speed test on GTMetrix or Pingdom, so you can see your normal site load times.
Then re-enable the site in Cloudflare, and re-test the speed.
The PDF document walks you through the process.
The training then covers the implementation of 3 Page Rules that, first, force all page requests to use SSL (i.e. all your pages load with the https:// prefix); second, provide additional security for the WordPress admin user and, thirdly, could dramatically reduce page load times.
This 3rd rule should really only be used on sites that either don’t use the WordPress commenting system (or get very infrequent comments) or sites that use a 3rd-party commenting system like Facebook comments or Disqus.
The Cloudflare Plugin
This plugin ensures your WordPress blog is running optimally on the CloudFlare platform.
The Cloudguard Plugin
This provides even more security for admin and user access to the admin pages on your site. Using CloudFlare’s free Geolocation service, this plugin restricts access to your login page, allowing access to only your chosen countries. This means that any login attempts from the rest of the world will be automatically blocked.
Note that if you do restrict login access to one or two countries, and you’re travelling abroad, outside of those designated countries, you won’t be able to log into your site (e.g. if you’re running a travel blog). You will need to use a VPN to spoof your country of origin so you can log in!
The Purge Cache Plugin
This plugin automatically clears the CloudFlare cache when you publish new content. It also helps to further the protection of your WordPress site at the DNS level.
The Simple SSL Plugin
This plugin forms an integral part to enabling Flexible SSL on WordPress and prevents infinite redirect loops when loading WordPress sites under CloudFlare’s Flexible SSL system.
Free SSL Certs For All
Using CloudFlare’s Flexible SSL on WordPress isn’t as simple as just turning it on. This was something I’d tried in the past and my sites never rendered correctly so I ended up disabling the option.
With the Simple SSL plugin that issue is now resolved. It’s the key in being able to use Cloudflare’s free SSL correctly.
As with practically every internet product out there, there are upsells for this product. Only one in fact.
Upsell: Cloud Defender Pro (Video Training) [$27]
If you’re the kind of person who learns better from watching someone demonstrate how to do things, this upsell is a worthwhile investment. It covers all aspects of the training but broken down into bite-size over-the-shoulder style videos so it’s easy to find the video for the setting you’re interested in.
If you prefer reading instructions, then you don’t need this upsell.
OTOH, if you’re looking at rebranding and reselling Cloud Defender, then you also get developer rights to these videos when you buy this upsell. Video training sells better than PDF documents.
There are many security plugins (both free and paid) that you can add to WordPress sites to harden them against hackers. But having a security protocol that comes into effect even before traffic reaches your blog seems only sensible today.
A hacked blog will plummet in ranking once Google becomes aware of its hacked status. Sometimes the blog’s original ranking can never be recovered. This is yet another reason to make your blog secure.
Google have already announced that the use of SSL on a site will improve how it ranks. The Cloud Defender package shows you how to get and implement a free SSL certificate on all your websites. It removes the the requirement of having to renew a commercial cert every year and the onerous task of having to manually set one up.
Because SSL is technical in nature, most webmasters don’t use it. Now that impediment has been removed and for that reason alone, the price of the Cloud Defender package is more than worth it.
What I Do Like
- The package provides solid training on how to use Cloudflare to improve the security of your WordPress blog(s)
- Training is straightforward but can be a little technical. You don’t need to understand everything about security to use this. It’s point and click stuff for the most part.
- The Simple SSL Plugin worked out of the box making my test site render correctly with SSL and the https:// prefix.
- You also get a checklist of 17 items to run through when securing a site, so you don’t miss anything.
- You are allowed to re-brand and re-sell the service to your own clients at whatever price point you choose.
- It’s a very cheap solution to hardening your blog against hackers. If your site ever does get hacked, you’ll quickly learn how much time and money that will cost you. It will be far in excess of the cost of buying the Cloud Defender package.
What I Don’t Like
- There’s actually no mention of how to configure the Cloudflare plugin itself. It requires the email address you used to sign up to Cloudflare and an API key (so you need to have a Cloudflare account before installing the plugin). Just follow the links to find your API key, and copy and paste it into the plugin settings page. My recommendation would be to install this plugin first along with its API key and then click the Apply button on the Apply Default Settings section before you start changing settings for your site in Cloudflare itself.
- The Purge Cache plugin as actually named Sunny on your WordPress Plugins page (making it hard to find if you’re not aware of this fact). There’s no training on how to set up the options in this plugin either. I’m not sure if this plugin is needed any more as there’s an Automatic Cache Management option in the Cloudflare plugin that can take care of purging the cache. The Sunny plugin does offer greater control over what gets purged and allows you to set up automatic bans of IP addresses and users should you need to. However, some training on the best settings for this plugin would be welcome.
- While SSL worked properly (for the first time ever on my test site), there was an issue with the Digg Digg Alternative social sharing plugin I use – the StumbleUpon icon doesn’t display and a couple of bullet points appear in its place instead. This is most likely an issue with that plugin than anything else.
With over 30,000 WordPress blogs being hacked each day, you don’t want yours to be among them. The loss of business and reputational damage aren’t worth it.
I hope you enjoyed this review and if you have any questions about Cloud Defender or want to leave your own personal review, leave a comment below.
Tagged with: Cloud Defender • CloudFlare • Flexible SSL • hacked blog • Matt Garrett • site security • SSL • SSL certificate • Wordpress hack • wordpress hacked • WordPress security • wordpress security plugins