June 27th, 2024
Global Edge Security: WP Engine Website Speed & Security Solution
DienyeDiri.Com is supported by readers like yourself. We may earn an affiliate commission when you purchase through links on our site, which enables us to continue to offer our research for free. More details here.
Website security is one of the top considerations any business person must have in mind when building a website.
Aesthetics is good, but of what good is your website if your site visitors are afraid to click on it?
This article is about a WP Engine security solution that comes to the rescue when your site security becomes a concern.
If your website is built on WordPress, then including this WP Engine advanced network security add-on to improve security, performance and privacy will be a game-changer.
The name of this security add-on? Global Edge Security (GES).
Lots of confusion exist regarding GES security.
Some writers call it WP Engine Web Application Firewall (WAF), others call it WP Engine’s DDOS protection plugin, while many more refer to it as just WP Engine security add-on.
But are they all right? What exactly is Global Edge Security (GES) and what benefits does it bring to users? Read on to find out.
What is Global Edge Security (GES)?
Global Edge Security (GES) is a cloud-first, enterprise-class security and performance add-on offered by WP Engine in collaboration with Cloudflare for all WP Engine WordPress hosting plans.
For website owners and enterprise organisations looking to improve their user experiences at scale, this WPEngine and Cloudflare partnership will provide app-level security and fine-tune your WordPress performance so that you can always stay ahead.
Over 80,000 customers across 150+ cities on WP Engine platform are using intelligent servicing to deliver secure, scalable digital experiences on the Global Edge Network, taking advantage of WordPress open-source technology and expansive developer community.
Global Edge Security (GES) offers enterprise-grade network edge security built specifically to secure your WordPress site. It comes with DDoS protection and a Web Application Firewall (WAF) with built-in expert rule sets from Cloudflare to automatically protect you against new and emerging threats.
The approach is multifaceted and works to harden security at the edge while adding strategic layers of security where you’re most vulnerable.
Some features of WP Engine’s Global Edge Security (GES) powered by Cloudflare include;
Managed Web Application Firewall (WAF)
Advanced DDoS Protection
Cloudflare Polish
Automatic SSL Installation
Cloudflare CDN
Let’s talk a lil’ bit about these features;
Managed Web Application Firewall
A Web Application Firewall monitors traffic and filters them before it hits your web server.
A Managed Web Application Firewall is different from other firewall, because it is ‘managed’ by someone else (WP Engine and Cloudflare in this case).
This firewall blocks the most common sources of attacks to websites like;
Cross-Site Scripting (XSS): When attackers detect vulnerabilities on your website, they inject malicious code into your website or application through these vulnerabilities.
From their end, an attacker can use JavaScript or HTML to manipulate this code they injected.
That way, they turn your vulnerable application or website into a ‘vehicle’ to drive their malicious intent on the end user – in this case, your website visitors or app users.
Cross-Site Request Forgery (CSRF): This type of attack impersonates a legitimate user, by taking over the user’s browsing session or hijacking the browser cookie for their browsing session.
Cross-Site Request Forgery attacks can deceive users into executing malicious actions as intended by the attacker.
In this kind of attack, the browser cookie becomes the ‘vehicle’ that drives the attacker’s intent.
SQL Injection: SQL injection attacks occur when an attacker attempts to input meta characters into a vulnerable web-based form with sinister intentions.
These kinds of attacks are very popular and usually affect websites driven by databases (including WordPress websites).
WP Engine uses Cloudflare’s Browser Integrity Check to evaluate request headers to determine if they’re coming from a real human or not before granting access.
Cloudflare’s servers use the OWASP ModSecurity rule set at the edge, protecting your website from numerous vulnerabilities.
The Web Application Firewall uses a set of security rules outlined by Cloudflare from years of experience detecting and mitigating these types of attacks to defend your website.
2. Advanced DDoS Protection
DDoS is short for Distributed Denial of Service. This type of attack happens on the Network, Transport, and Application layers of the Open Systems Interconnection (OSI) model.
The Network Layer (layer 3) defines the physical path requests should take through the internet.
The Transport Layer (layer 4) is responsible for transmitting and assembling packets of data between two endpoints.
In years gone by, attacks on these layers were very popular, and the intent is to make your website inaccessible.
Cloudflare detects and quietly removes these threats before they can find their way to your WP Engine server.
In recent years, the attacks have been directed more and more on the Application Layer (layer 7).
This layer is responsible for human and computer interaction.
These attacks are based on HTTP, SMTP, SSH, or FTP protocols and specifically targets an application or website.
Attacks on the Application Layer are typically from botnets, or private computers with malicious software, designed to send spam messages to get past security measures.
Cloudflare’s Edge servers can detect whether a request is legitimate and blocks those that are not.
This means only legitimate traffic makes it back to the WP Engine origin server where your content is hosted.
Using another method called Origin IP Protection, Cloudflare also mitigates and prevents attacks on the Application Layer.
Using this method, Cloudflare obfuscates your WP Engine server IP address and instead presents a Cloudflare IP address when attackers inspect your website.
This way, attackers are prevented from sending direct traffic to your WP Engine server.
3. Cloudflare Polish
WP Engine uses Cloudflare Polish to increase your website speed by reducing your image sizes. Cloudflare polish does this by;
removing metadata
applying lossless file compression
adding the WebP file format
This makes your image files 26% smaller and you don’t have to install additional plugins for image files compression.
To take advantage of this performance improvement, you don’t have to do anything more.
Just configure GES like normal on your website and WP Engine will automatically apply this.
4. Automatic SSL Installation
Secure Socket Layer (SSL) is used for authenticating and encrypting data over a network.
WP Engine’s GES automatically installs the SSL certificates in the WP Engine User Portal on the Cloudflare Edge servers.
This way, both the connection between the end-user’s web browser and Cloudflare will be encrypted, as well as the connection between Cloudflare and WP Engine.
This SSL installation is automatic with the Global Edge Security solution.
Global Edge Security – What are The Limitations?
Using two or more Web Application Firewall (WAF) can cause configuration issues, leading to slower web performance.
It will also inhibit your ability to receive help should you require WP Engine customer support.
So it is advised not to use a secondary Web Application Firewall (WAF), while using Global Edge Security.
Also, WP Engine and Cloudflare CDN, WAF, and DDoS configuration rules are automatically configured.
Meaning you’re not expected to do anything on that end if you purchase the Global Edge Security (GES) product.
WP Engine and Cloudflare rulesets and configurations are fine-tuned with performance and Defense-in-Depth in mind for the protection of your websites.
So, if you need a different (higher) configuration with custom rulesets, WP Engine might not honour that request.
You might want to speak to your WP Engine account representative.
Global Edge Security Key Benefits
Businesses From DDoS Attacks: WP Engine’s WAF inspects your network and stops malicious traffic at the edge before it reaches your server.
The WAF inspects traffic for Cross-Site Scripting or SQL attacks and is automatically updated to counter such threats.
Secure Visitors Data Using SSL/TLS: Websites route their traffic through Cloudflare’s global network of servers.
Cloudflare uses SSL/TLS certificates to encrypt data passing through its network to prevent data breaches.
With this, your site will receive the “secure” label per Chrome v.68 updates and data is encrypted in transit.
Managed WAF Ensures Server Availability: Because it is ‘managed’, the WAF will create new rulesets as newer threats emerge.
Thereby protecting your website from emerging threats and some vulnerabilities peculiar to WordPress.
Cloudflare CDN: Cloudflare’s Content Delivery Networks (CDNs) with 150+ data centers to accelerate security and site performance helps to deliver web content faster by reducing latency.
This way, your website speed is improved and customers can have a consistent experience, even if there is a spike in traffic.
How To Activate Global Edge Security on WP Engine
To activate Global Edge Security on WP Engine, here are the steps to follow;
Log in to the User Portal
Click Add-ons
Locate Global Edge Security then click Manage
Locate your environment name
Confirm the environment name is listed in the Provisioned section
If it is listed in the Unprovisioned section, click Enable to provision and generate the GES CNAME
Global Edge Security Frequently Asked Questions
Why Is Global Edge Security Important?
Global Edge Security is important because it protects networks from botnet and other malicious attacks at the ‘edge’ where sensitive enterprise data is most vulnerable.
How Secure Is WP Engine?
WP Engine is SOC-2 compliant and meets the standards for Security and Availability Trust Services Categories.
They have received ISO 27001-2013 certification by meeting the requirements for “establishing, implementing, maintaining and continually improving an information security management system” as laid out by the International Standards Organisation (ISO).
Does WP Engine Offer SSL?
Yes. By default, every WP Engine plan offers SSL as part of their service. Meaning you don’t have to buy SSL certificates from a third-party service.
Can I trust Global Edge Security From WP Engine And Cloudflare?
Yes. Cloudflare is a world leader in providing web security by protecting Internet properties from malicious activity like DDoS attacks, malicious bots, and other nefarious intrusions.
Their partnership with WP Engine brings all this security and performance enhancements to all WP Engine plans.
How Does Cloudflare Polish Help My Website?
Cloudflare Polish is a web performance enhancement that comes with every WP Engine plan on the Global Edge Network.
Cloudflare Polish helps websites by reducing image file sizes, leading to faster site load speed.
Global Edge Security – The Conclusion
Constantly evolving website security threats have made site security a priority – whether you’re a large business or a solopreneur.
Defending your website infrastructure from these threats can no longer be seen as an “added cost“, it should rather be seen as a strategic investment in protection of your online property.
Because of the evolving nature of the security threats we face today, no security plan can guarantee 100% safety from these attacks, but securing your website from the already identified threats is a big step in the right direction.
About Dienye Diri
Dienye Diri is a website designer and affiliate marketer. He writes about web hosting and marketing software for digital entrepreneurs. Join Dienye and other readers on DienyeDiri.Com to learn more about the best hosting services and tools that drive the digital marketing ecosystem. Before starting this blog, Dienye has been a guest author on several web design blogs and managed countless web design projects. Now he writes about and reviews the best hosting and software to use for your online business.