Website security is a continuous process. It’s not something that should be turned on when the time is right; rather integrated into the full scope of how you deploy a website, maintain it, and ensure the safety of your visitors.
At Sucuri, we protect websites with a wide range of website configurations, including business owners with a single website, multi-site WordPress installations, and web agencies who work with a number of clients. One of the biggest concerns for all of them – and an often overlooked aspect of security – is availability or downtime.
The mere thought of downtime brings up visions of confused visitors, lost revenue, and stressful IT departments.
One misconception about the Sucuri Firewall is that there will be downtime during activation or migration. This is not true. If anything, when properly implemented it should improve uptime in a variety of situations.
DNS and the Website Application Firewall
When you first add your site, our firewall servers grab your website and make it available across our globally-distributed Anycast network. After a few seconds, your website is up on our servers and ready to receive visitors.
The next step is to activate the website application firewall using a DNS change. The DNS A record usually points your domain name (example.com) to a hosting IP address (your web server).
Note: If you use cPanel, we can automatically make this change using your cPanel credentials. Another option is to use the Sucuri DNS by changing your name servers under your domain registrar.
The process of DNS propagation can take hours or days before the whole world sees the change.
Here is what happens for visitors:
- Before you activate the Sucuri Firewall: your DNS is sending visitors directly to your original web server – including potential hackers and DDoS attacks.
- During activation of the Sucuri Firewall: your DNS is propagating; some visitors are still being sent to your original web server – or they will be sent to your new Sucuri Firewall IP.
- After you activate the Sucuri Firewall: your DNS is sending all visitors to your new Sucuri Firewall IP where we block hackers and DDoS attacks.
Before we instruct you to change your DNS, we provide a test link to visit and confirm that your website loads properly under your new Firewall IP. This will give you peace of mind that the DNS change is completely seamless for visitors.
Once the DNS change is done, your site will be protected by the Sucuri Firewall. If you need help changing the DNS, simply open a ticket and we’ll do it for you.
Already Using a CDN or Firewall?
If you use a Website Application Firewall (WAF) or Content Delivery Network (CDN), you’ve probably performed similar steps to activate it.
The Sucuri Firewall works well with other CDNs – and if website performance is important to you, you’ll be happy to know that the Sucuri Firewall also significantly improves the speed and availability of your website.
We have instructions on how to do this for CloudFlare and other CDNs. Our team is always happy to help with this step too.
Migrating Hosts With the Sucuri Firewall
I had a customer tell me, “We are very interested in your security platform… but are getting ready to change hosts and think we should wait.”
This misconception is interesting because the truth is quite the opposite.
There are two big reasons why it’s actually a better choice to activate the firewall before migrating hosts.
- The Firewall will deliver your content during migration. When you are pointing your traffic to a web application firewall it really doesn’t matter what’s going on behind the scenes. We’re caching the static content if something were to happen, so the viewers will still be able to see the site.
- Having a team of malware removal experts just in case. Most hosts will suspend infected websites, or won’t allow you to migrate. You might think your site is clean, but hackers hide their tracks. Our monitoring, alerting, and incident response team will take care of any concerns.
All you have to do is update your hosting IP address in the Sucuri Firewall dashboard (instructions below). This option also helps customers with load balancing and sites running on multiple servers.
Firewall Host Migration Instructions
Our team is always happy to guide you through the process or make changes on your behalf.
There are multiple benefits to the Sucuri Platform when it comes to availability and managing your hosting configuration.
Leveraging the website application firewall improves uptime and makes your website faster in more geographic locations around the world. You can rely on the Sucuri network to withstand the pressure of DDoS attacks and sudden increases in website traffic.
You can ensure a seamless experience when migrating hosts by having an incident response team standing by, a security scanning engine, and content delivery network during the switch.