Khuyay Website Security Enhancement
Project Summary
Khuyay, a non-profit organization, needed to strengthen the security of its website to protect sensitive user information and maintain community trust. The update focused on implementing a web application firewall (WAF) and optimizing Cloudflare settings.
Problem
Khuyay’s website, a non-profit organization dedicated to supporting the elderly, had been suffering from denial-of-service (DOS) attacks over the past months (December to January), to the point that the website was no longer available.
Solution
After investigation, it was proposed to implement a Cloudflare web application firewall (WAF) and optimize Cloudflare settings to protect the website from attacks and unauthorized access. These measures would help safeguard user information and ensure the site’s operability. Additionally, WordPress plugins were included to further enhance the website’s protection.
Research and Analysis
A thorough analysis of website traffic was conducted to identify attack patterns and determine existing vulnerabilities. It was found that the attacks were mainly DOS, affecting site availability and user experience.
It was also verified and validated that there had been no unauthorized access to the admin area, nor interception of sensitive information.
A solution was sought that would be effective, require no constant maintenance, and be cost-effective. For this, the following were chosen:
- Cloudflare: For the web application firewall (WAF) and performance optimization, offering a free WAF and CDN to improve site speed.
- WordPress Plugins: To improve site security, plugins were chosen that offer protection against brute force attacks, user management, and other security measures, all free of charge.
Solution Implementation
The Cloudflare WAF was configured, setting specific rules to filter malicious traffic and mitigate DOS attacks. Cloudflare settings were also optimized to improve site performance and ensure greater availability.
Additionally, WordPress plugins were included to enhance site security, such as protection against brute force attacks and user management.
Solution Validation
After successfully implementing the WAF, security plugins, and ensuring no information was compromised, the WAF’s operation was monitored throughout the month to ensure it was working correctly and that there had been no unauthorized access to the website’s admin area.
Business Impact
With the implemented security measures, the following was achieved:
- Future Protection: The website is now prepared for any future DOS attacks, without fear of the site becoming unavailable again.
- User Trust: Users can trust that their information is protected and that the website is safe to browse.
- No Cost Increase: Free tools such as Cloudflare and WordPress plugins were chosen to avoid additional costs in security implementation without compromising the quality of protection provided by all incorporated measures.
Result
After implementing the security measures, the website returned to 24/7 operation without any issues and is now a safe site for donors.