Our optional security packages have been upgraded since 2018. Our security plus package, with the usual external (not by our own systems) site scans and WHOIS and SSL checks, now comes with a Web Application Firewall (WAF) and additional security features and reports. This article will inform you about the possibilities of this package and the installation process.

Important notice: the WAF can only be implemented on a domain basis. So if you have one website with us which uses multiple domains (for example for multisite or multilanguage usage) you will have to secure these on a domain basis. Redirects are no problem and can be implemented on a single instance of the WAF.

Default steps

A detailed explanation follows after this summary.

  1. Request the Security Plus service via our billing portal.
  2. You will receive an e-mail with our intake form (as presented later in this article) to fill out. We also advise you to change the TTL of your domain at this point.
  3. When you return the intake form to us we will evaluate the answers and set up the service.
  4. As soon as the service is set up we will inform you about the IP address to use in your DNS.
  5. You will change your DNS to point to our Web Application Firewall
  6. Everything should be working now. We will check one last time for basic functionality but you are advised to test your website thoroughly to see if anything doesn't work anymore.

Intake and installation

Our Security Plus is billed annually, as the service will require manual configuration by us and the customer. When you apply for the service you will receive our intake form. This form will contain the following questions:

## Required data:
1. Domain name:
2. Savvii system name:
3. Email address for reports:

## Additional questions for security (non-mandatory):
1. Which IP addresses do you usually use when editing the site (check whatismyip.com from your home and/or work PC to find out)?
2. Do you have / use your own SSL certificate?
3. Do you use a CDN, like Cloudflare or MaxCDN?
4. Do your website users have the possibility to leave comments on products or articles?
5. If your website has a target audience; which countries are they from?

## Additional wishes:
1. Do you want specific folders or files protected by reCaptcha or IP-Blacklisting?
2. Are there any other security related wishes you want to discuss (have a look at our Security Plus support guide)?

Some of these fields will be pre-filled by our support staff. These questions are created for the less tech-savvy among our customers. Answers require no technical knowledge, just knowledge about your site's visitors. Based on the answers we will be able to enable additional security measures. You will also be asked to change the Time To Live (TTL) of your domain to allow for a smooth transition when the DNS needs to be changed.

As soon as you've filled out the intake form we will take care of the creation of the services. Please be aware that, to enable the WAF, you will have to change your DNS records! After the creation of the services you will receive an e-mail with the IP address of the server that you will need to point your DNS to. The DNS changes are best made when there are few visitors on the website, like around midnight. This is because the server will need to create a new SSL certificate, so the connection might temporary show a security warning to visitors. This is why we ask you to change your TTL to lower values, this will speed up the request and creation of an SSL certificate.

When your DNS is changed the site should work as usual. Please inform us about anything that might seem strange after the change. We might have to tweak the security settings a bit. 

Features and possibilities

The following lists contain most of the features of our Security Plus service. Let us know if you want any of these options enabled or disabled.

Standard services (no DNS change needed)

Malware scans (every 12 hours)

Sucuri scans the contents of your website every 12 hours for malware infections and suspicious files. To perform these scans a file will be uploaded to the root of your website. This file will be named sucuri-#################.php and is needed to perform scans. Please do not remove this file.
DNS check (every 12 hours)
Your DNS will be monitored for changes. We will check with you if you were the one to initiate these changes.
Web Application Firewall (DNS changes needed)

Blacklist IP addresses
These IP addresses will not be allowed through the firewall.
Block Country subnets
This option will allow you to fully block certain countries from requesting the site. There is also a less-aggressive filter that will allow a country to view the site, but  it will disable posting any comments or registration of users.
Block user-agents, cookies or referrers
Block visitors based on browser (user-agent), cookies or referrers (for example visitors that access your site via another site).
Restrict the admin-panel to whitelisted IP addresses
Only the users on these IP addresses will be able to request the ad min pages of your website.
Block XMLRPC, trackbacks and comments
Disable XMLRPC (the Wordpress API) and trackbacks and comments. This will severely limit the dynamic functionality of your site and is only meant for the more static websites (in combination with IP whitelisting)
Block the uploads of PHP and other executable files
Block users from uploading PHP files and other executable content.
Limit access for the top 3 countries (China, Russia and Turkey) for cyber attacks and anonymous proxies.
This option will limit visitors from the named sources to only view your website, and restrict POST data (effectively disabling comments and registration).
Aggressive bot filter
This will block visitors to your site that use suspicious user agents, like data gathering and surveillance tools.
Page protection
You can protect files and pages of your site using an authenticator (2-step validation), reCaptcha or based on IP address.
Limited caching and CDN
Sucuri has servers world-wide and their WAF will enable the use of a stripped down Content Delivery Network to cache your site around the world. This will possibly speed up loading times for users further away from our datacenters.
You will receive monthly reports generated by the WAF about mitigated attacks and website traffic that was blocked.

These options are all subject to change and will interact differently with every website. As soon as Security Plus is enabled for your site, you will need to update us about anything that does not work anymore, as that might be because of a security setting. Please let us know if you have any specific security related requests, as we might be able to implement other features.