If you read any of my past blog posts, you know I favor a layered defense for self hosted, WordPress blogs. I’m very fond of the CloudFlare (CloudFlare), Bad Behavior and Akismet combination. Recently, I found a user who users this very combination. He shares this in a blog post at Bad Behavior, CloudFlare and Google Bot.
Here’s some excerpts he says about the strategy:
- “My first line of defense from ne’er-do-wells and miscreants is CloudFlare.
They stop most of the bad guys before they even reach my site. Still, for some sorts of attacks, when there’s doubt it’s better to let the bad guy through. It may turn out to be a good guy.”
- “A program called Bad Behavior is my next line of defense. It sits on my server and quickly spots liars and weasels. For dangerous-looking attacks, that’s the limit. But, when there’s doubt and the site itself is not at risk, Bad Behavior will let the attack through.”
- “Most of the comment spam has been stopped as well, but some has been given the benefit of the doubt. That’s where Akismet comes in. This layer spots the rest of the comment spam, and it can be much more aggressive since it doesn’t actually cut the spam, it puts it into a bin for future review.”
The problem this user runs into is with the order of CloudFlare and Bad Behavior working together. But I should add this should no longer be an issue. Since the redesign of Bad Behavior, it now works well with CloudFlare. It should no longer get false positives from bods like Google and Microsoft since the new architecture 2.2+ was introduced.
There’s also a point the author makes about using the CloudFlare plugin. The best solution is to run both the CloudFlare WordPress plugin, along with the CloudFlare Apache module. Unfortunately, not all hosting companies run the Apache module. This will change in time.
I found CloudFlare quite easy to use. It also does some excellent caching and you can refer to Google Analytics in CloudFlare.
Some good WordPress plugins are described in the article entitled 10 Powerful and Free WordPress Plugins at 10 Powerful and Free WordPress Plugins. I also like the plugins WP Super Cache, All-in-One SEO Pack and Secure WordPress.
It should be noted that CloudFlare mentions they work well with spam plugins like Akismet, caching plugins like WP Super Cache, and Google Analytics plugins like Google Analytics for WordPress.
I should mention I played devil’s advocate in the past. I pretended I was a hacker for a client site and tried getting past both CloudFlare and Bad Behavior. They have a very good set of defenses. This is all approved behavior – mind you. I wanted to make sure these packages lived up to their reputation.
Akismet is also very good and is light years ahead of Defensio (i.e. a close competitor). Sometimes it gives false positives but it is probably over ninety percent right. Please enjoy the SPAM tools recommended here.