Incapsula – Rest your worries

incapsula-2015For much of the last three years my blog was dormant. Out of sight, out of mind. My mind, perhaps, but not the mind or rather minds of the people at Incapsula, which has protected it from malicious attacks while I have been to busy to check on how my blog was doing. I hardly ever logged in to my WordPress dashboard to update my plugins. I even hardly ever logged in to my Incapsula dashboard to read the list of latest atttacks. Why? Because I knew that is was perfectly safe, that’s how much I trust Incapsula.

Incapsula – four years on

When I signed up with Incapsula in 2011 it was in fact not so much for security reasons. Most of all, it was for speed and delivery, using Incapsula as a CDN, Content Delivery Network. The added security came as an extra bonus. It started in early 2011, first using Amazon’s Cloudfront, then switching to CloudFlare, before finally settling for and staying with Incapsula. You can read about my experiences here:

Amazon CloudFront as CDN
CloudFlare versus CloudFront
CloudFlare versus Incapsula
Incapsula website security

Now, four years on, it’s time for a revision of my posts. However, both Incapsula and CloudFlare have moved on since I first wrote about them, and this time around, this will not be a full comparison post, perhaps more like an appraisal post…of Incapsula, mostly.

Incapsula for security, CloudFlare for speed

Reading up on the latest Incapsula versus CloudFlare posts and news, for instance  Zero Science Lab’s in-depth firewall testing from 2013 or Anand Srinivasan’s closer look at differences in CDN in 2014, as well as Tracy Vides’ 2015 article on who might be leading the way confirms the impression I had of the two competitors back in 2011: It’s all about security (Incapsula) versus speed (CloudFlare). It’s clear that both companies pursue different strategies and different market segments. For an in-depth look at both CloudFlare and Incapsula, their strengths and weaknesses and differences, the aforementioned reviews are a good starting point.

Incapsula and I

I said that I wasn’t going to compare the two and I won’t. Especially since the plans they offer are very different, even in the free version. Cloudflare offers this and Incapsula offers that. For a full comparison the abovementioned blogposts are a much better option.Therefore, let me just focus on how I use the Incapsula Pro plan on my WordPress website here.

WP caching and minifying…no need?

Although I chose Incapulsa for security and not for speed I must say that I am very impressed with the caching and optimizing features. In fact, so impressed that I now can do without WP plugins for caching and minifying, without impairing my site’s performance at all. And less plugins mean less vulnerability. After one month without WP caching and minifying, and only using Incapsula’s features, there does not seem to be a difference in performance.

Looking at Incapsula’s own performance stats, there seems to be no significant increase in response time after turning off WP optimisation and leaving it all to Incapsula:

incapsula-response-time

I’ve checked also my site using testing services like Pingdom, GTmetrix, Monitis, WebPageTest, and alikes, but I realise that the results are just too erratic, for many reasons. The test service’s results and thus visitor experience depends on too many variables: the visitor’s location in relation to Incapsula’s data centers, the visitor’s internet connection, the visitor’s computer or mobile hardware, the visitor’s browser and so on, to name just a few.

Looking at Google Analytics’ stats, since I run Google Analytics on my website, doesn’t help much, because the site speed sample size is only 1% of the total number of visitors.

Which leaves me with one thing: My own experience of how my website performs when looking at it from different locations using different platforms. Home, office, friends, this computer, that mobile, it didn’t matter, I simply could not see any significant deterioration in performance after settling for Incapsula as my sole provider of optimization tools.  So out go Zen cache and WP Minify.

Many of the Incapsula caching and optimization features are included even in the Free plan, it is mainly the dynamic content caching and dynamic content compression along with image compression and other advanced techniques that is added to the Pro plan. For most non-commercial website owners, the Free plan will suffice in terms of optimization options.

How-to guides

What I like about Incapsula are the support and product information pages. Here it is clearly explained (even to a computer illiterate like me) what turning on and off this and that security and performance option actually does, see for example  Content Caching, and Optimization Features. Since all settings are explained using screenshots of the dashboard it is easy and straightforward to relate this to my own website settings.

Incapsula Tutorial

If you need a tutorial that goes beyond what is offered at incapsula.com, Jeff Reifman has written an excellent piece just a month ago, explaining everything much better than I would be able to do. Enjoy! How to secure your website using Imperva Incapsula.

Security

Security is the part that really sets Incapsula apart from the rest, and which is why I chose the service in the first place. Obviously, a paid plan offers considerable more security than a free plan. However, one feature that does come with the free plan (and – correct me if I’m wrong – which CloudFlare does not have, not even in their paid plans) is Two Factor Authentication login for my website, ensuring that I and only I am able to log in for administering my blog and publishing any posts (or I can set a a given number of designated and verified admins). Considering how often I do log in this is probably going to be more of a hassle than a security feature, but good security is meant to be a hassle, isn’t it? Otherwise it wouldn’t be any security, or?

The other feature I cannot do without is the Web Application Firewall. Five years ago it used to come with the free plan, now it’s only in the paid plans. Do I really need it? Well, my site my not be the likeliest of potential targets for attack, but you never know, and judging from my thwarted attack stats the firewall has done its job well. During the last 90 days I’ve stood against 4 SQL Injection attempts, 8 Cross Site Scripting attempts and 108 Illegal Resource Requests. Perhaps not worth worrying too much, then again, there’s no telling what could have happened to my website in the three years I did nothing to it, had I not been protected by Incapsula.

Conclusion

After more than 4 years with Incapsula I have no reason to question the security layer surrounding my website. It works, it’s easy to use, and it can be set to do exactly what you want, provided you know what you want. That said, even to lesser sophisticated website owners like I am Incapsula is definitely worth the price.

Related links

Related posts

Posted in my BLOGGING
Tags: ,
ARTICLES and PAPERS
Toy stories: lessons to be learned
Christmas. Toys. Two things that belong together. But it isn't always a happy story. Not only do sea[...]
Humanitarian aid is better when decentralized
Humanitarian operations rely heavily on logistics in uncertain, risky, and urgent contexts, making t[...]
Building a secure and resilient supply chain
Are you gambling with your supply network? You should be aware that the supply network is inherently[...]
BOOKS and BOOK CHAPTERS
Book review: Transport - Economics and Management
Kept at an executive level, Transport: An Economics and Management Perspective by David A. Hensher a[...]
Book review: Supply Chain Risk Management
Edited by Robert B. Handfield, the book Supply Chain Risk Management: Minimizing Disruptions in Glob[...]
Book Review: Your Research Project
This book is a must-have for any serious student or budding research. Even if you consider yourself [...]
REPORTS and WHITEPAPERS
Assess the vulnerability of your production system
So far I have reviewed "international" literature and web sites, and it is only fitting that now it [...]
Transport infrastructure resilience
Is it possible to devise a simple framework for assessing the resilience of the transport infrastruc[...]
Infrastructure - essential for competitiveness?
Regular readers of this blog may have noticed my regular rants about the state of the Norwegian infr[...]