If you care about your business and your customers’ businesses, you need protection from hackers. You need to have a complete overview of your websites, first line of defense and an intelligence system that will let you know when there is a risk and how to eliminate it quickly. Recently, I wrote about keeping your WordPress website secure and why you should be using a website firewall (WAF). This is a good place to start if you do not fully understand why website security & monitoring is important.
We recently reviewed the new WebARX website security & monitoring platform. WebARX is a website security and monitoring platform that helps freelancers, digital agencies, and website owners protect and monitor every website in a single dashboard.
In under three minutes, I enabled alerts, security monitoring and connected a website with the WebARX WordPress plug-in. This was all I needed to have the website security firewall protect all of our websites. The following is my journey of configuring the website firewall and adding my websites for monitoring.
Step 1 — Sign up for WebARX
To start, I went to the WebARX registration page. From here, I used my email to register for a free WebARX account. When you register, you will receive a free, 14 day trial of the product. You can add up to 10 websites for monitoring with the trial version.
After confirming my email address, I went to the dashboard. Here, I was greeted with a help bot describing the various aspects of the website security & monitoring dashboard. The first task was to add a website.
Step 2 — Add a Website
Adding a website was as easy as clicking the blue text “+ Add new websites” link below the empty monitoring graphs. Once clicked, you are given a popup where you can enter the full URL of one or more websites (one per line). Once you click the submit button, if all went well, you are greeted with a “Success” dialog.
At this point, the website is registered in the WebARX portal. You can see the new website(s) listed in your dashboard overview. But the websites that need to be connected have a “?” in a circle in the Security Risk column. Now I needed to connect my website to my WebARX dashboard.
From the WebARX dashboard, you should click on one of the domain names not yet connected. This will take you to the monitoring page specific to that domain. You will see an alert similar to the image above. Click on the Setup Plugin button.
Step 3 — Install the WordPress Plug-in
Once I added my domain name, I was greeted with a popup for “WebARX Auto-Installation”. For this, I would need to provide them with my username and password and click the “Install Plugin” button. This user should have the ability to install and activate a plugin.
If I would have supplied my details, WebARX would automatically upload the plugin to my WordPress dashboard. It would then perform an install and activate the plugin, connecting the website to my WebARX dashboard. As a security guy, this made me nervous. The WebARX site did state “We will not store your login information on our servers, it is directly and securely used to install WebARX on your site”.
If you decide on the Auto-Installation method, you will see a popup telling you that the process makes take a few minutes. Sure enough, after a little more than a minute, you will see a success popup indicating that the connection process was successful. I did try this on one of my websites where I have an activity log that monitors changes done in the WordPress dashboard. Sure enough, I received 2 notifications. One that the plugin had been installed, and a second that said the plugin had been activated.
Before this, the paranoia in me won over. So, I clicked on the option to manually install the WebARX WordPress plugin myself.
The WebARX system compiled a version of the plug-in, with all of the settings required, for my specific website. I downloaded the plug-in and installed it in WordPress using the plug-in upload method. Once activated, I went back to the WebARX Security & Monitoring dashboard and could see that my website was active. Don’t worry if you are not familiar with WordPress plug-in installation and activation. The process is clearly explained with screenshots when you download the plug-in.
Website Security & Monitoring Dashboard
The three steps above took me about 3 minutes. So, I added a few more domains for monitoring.
In your WebARX dashboard, you can see a list of the domains and a quick overview of their status. The columns that came to my attention immediately were “SSL” and “Security Risk”. One of my websites did not have the SSL certificate configured properly. So, this was a red check mark that stood out from the other entries. Another website had a minor security risk that was highlighted here.
You can also toggle the Firewall on and off quickly from this screen. I thought this was extremely useful for troubleshooting problems.
At the top of the dashboard are 2 graphs depicting “Attacks Blocked” and “Uptime monitoring”. The only issue I had was the lack of a granularity filter. Sometimes there is a need to view these metrics over longer or shorter time periods. Hovering over any of the data points in either graph will produce a graph with a quick breakdown of that data-point. But the real value comes in the details.
Details per Domain
Click on one of the domain names and you see two graphs at the top; one for Attacks Blocked and a second for Uptime & Response Time. This was very useful, especially the response time. Below the two graphs, the logs and monitoring statistics are displayed. This proved useful as I found a couple of my websites that were still on a very old version of PHP. I quickly updated this and saw my Response times improve. I wish I could get a screenshot of this, but this is where the granularity filters for dates and time would be useful.
The next step was to review the Firewall logs.
You can see there were a number of blocked attempts and the details of each attack. Hovering over the Type tells you a bit about what the attack is and what it is trying to do. A helpful piece of information would be a statement like “No RISK — WebARX blocked the attempt and your website is protected”. This would certainly dilute fears from folks that are less experienced about website security.
Reviewing the Logs
The information regarding the URL requested and the origin of the attack was quality data. But the real value comes with the Method column.
Clicking on the “?” next to the Method type provides you with the data on the payload the attacker was trying to send to the URL on your website. Not all of us will understand fully what is happening by looking at it. But if you have a security expert you know and trust, they should be able to help you understand the information.
Another source of quality data is in the Activity Logs tab.
You can see from this list that there is a person in the Netherlands trying to log in with an invalid username. From here I can copy the IP address and add it to my Blacklist in the plug-in settings.
Keeping Everything Up-To-Date
One of my main concerns is in keeping everything on a WordPress website updates. Every week I make a quick glance at my websites to ensure that the auto-update process has kept all plug-ins and the core up to date. If you go to the Software tab of the domain name, you can see a full list of all of the plug-ins, along with a line item for PHP version and WordPress core version. Each line has a version number and a field indicating if that item is vulnerable for attack.
If you see anything that has a red mark next to it, quickly get that updated to the latest version.
This site would not be as useful if it did not have a way of keeping us notified. From the WebARX portal, you can control what events you get notified about via email. In addition, you can connect WebARX to a Slack account and get Uptime/Downtime notifications sent directly to a selected Slack channel. I set this up and it has been a great help in letting me know when a website is down.
All other settings for WebARX are managed in your WordPress dashboard from the WebARX plug-in settings menu. These are categorized into Security settings, Firewall settings, and setting to manage the backup and storage of your .htaccess file. They have also added a nice feature to manage a Cookie notice on your website.
Conclusion
We really like this security tool. We deal primarily with WordPress websites at our Bangkok Web Development agency. WebARX will become a core element of required tools we install before we hand a website over to a client.
While they only support the WordPress platform today, in October, every PHP based CMS and native applications will be supported (Joomla, Drupal, Magento, Laravel, and Symphony). You can see the full WebARX roadmap here.
WebARX is determined to not only keep your sites safe but to also make things easy for you, which is why they’ve built this all-in-one solution.
Related
Originally published at siamcomm.com on July 22, 2018.
