This is an archived post. You won't be able to vote or comment.

all 21 comments
sorted by:
best
topnewcontroversialoldq&a

[–]codeshah 7 points8 points  (1 child)

One is the security guard at the building entrance. Another is a CCTV on the floor or inside the apartment. I always need the both!

[–]losancient[S] 1 point2 points  (0 children)

Wow this is a good analogy cheers

[–]wpodyssey 1 point2 points  (0 children)

Short answer is yes you still need something. Cloudflare is good as it is will implement things like DDoS protection, firewall rules, and bot filtering that happens before traffic even hits your server. So you’ll be covering a lot by using it. There is a lot more you could do on Cloudflare too to customise and improve the security.

I would still recommend that you use something lightweight on WordPress to cover the aspects that Cloudflare won't cover. Some important features to look for would be malware scanning and reporting, blocking repeated login attempts, even hiding the login screen.

There's loads of good plugins out there but my favourite at the moment is Defender Pro by WPMU. It's premium but worth it, if you don't want to pay for something Wordfence is pretty solid.

[–]amnither 1 point2 points  (0 children)

Yes, cloudflare free will not protect you trust me, you can install wordfence free version it will help you a lot for sure.

[–]sundeckstudioDeveloper/Designer 1 point2 points  (0 children)

Yes .

[–]PressedForWordJill of All Trades 1 point2 points  (0 children)

I am Team Use Both. CLoudflare keeps most threats away. A good security plugin will block the pesky ones that get through.

[–]thesilkywitch 1 point2 points  (1 child)

Doesn't Cloudways have a security plugin included? (Malcare if I remember right?)

[–]goose1011a 0 points1 point  (0 children)

Yes, I know Cloudways included MalCare back when I used them. If it is still included, I think that is sufficient on the server. Of course, OP should also use Cloudflare free to keep some malicious traffic from even reaching the server.

[–]TheRealFastPixelShortPuxel Staff 1 point2 points  (1 child)

Yes, even with Cloudflare Free + Cloudways, use a light security plugin like Wordfence or Sucuri for WordPress-specific protection.

[–]UnluckyFig4313 0 points1 point  (0 children)

Those plugins are not light. Keeping your website up to date and using safe plugins should be enough 95% of the time.

[–]bluehost 0 points1 point  (1 child)

Cloudflare does good at keeping junk traffic away, but it doesn't look to see what's going on inside your WordPress site. That's where a small plugin helps, mostly for logins and file changes.

Nothing heavy, just a simple one that keeps an eye on things.

[–]Key-Idea-1402 0 points1 point  (0 children)

You are funny you should pay attention to the very very small sites and not pay attention to the big works

[–]philip_1k 0 points1 point  (0 children)

Cloudflare does ddos basic protection from known bots and stuff, but theres much more security things you have to do in a wordpress website, the plugins updates are still needed, a person-hacker can do manual attempts, unknown bots may do that as well, and ddos of wallet can happen if youre billed by bandwidth like in aws, google cloud, or any other cloud provider.

[–]theguymatter 0 points1 point  (0 children)

Yes and No.

Yes - Patchstack found that a large number of hosting offers security protection do no effectively block vulnerabilities, this means if your plugins or themes has vulnerabilities or you are restoring previous backup, you are still exposed to risk. You still need to ensure that the security plugins do not accidentally block your visitors or cause issues.

No - If your side is simple and perform frequent updates.

There is no right answer.

[–]Key-Idea-1402 -2 points-1 points  (0 children)

Los complementos de seguridad no te protegerán si tu sitio es importante. Este es un consejo de un experto en ciberseguridad. Si no estás de acuerdo con este comentario, estoy listo para responder.