Why Every Website Needs a Web Application Firewall

You probably think your website is safe from hacks. And it probably is. After all, only 37,000 websites are hacked every day. Seems like the odds are in your favor, right?

Website security is all the rage right now. And for good reason. Google is pushing it hard, strongly recommending every website switch to HTTPS. In fact, Google is pushing it so hard that not being secure can result in decreased search rankings and your site being flagged in web browsers as not secure. A big red warning probably isn’t going to make your customers feel very confident about purchasing your goods or services.

ssl not secure warning

HTTPS is great and necessary for any website that collects any sort of customer information, including all eCommerce and lead generation websites. Basically, if you have a form of any kind or accept any kind of payments, you have to be on HTTPS. That pretty much covers every business website in the world.

HTTPS Isn’t Enough

HTTPS is one important layer of website security. But there are a lot of other reasons why website security is a hot topic now--and it always will be. Big hacks happen all the time. Over 3 billion Yahoo users had their account information compromised. Roughly half of the United States is at increased risk of identity fraud right now thanks to the Equifax breach. And we’re talking about huge websites that seemed pretty darn secure. The Equifax breach certainly wasn’t the result of not having an SSL certificate. HTTPS won’t stop hackers from infiltrating your database. It won’t stop malicious attacks that can bring down your whole website and steal all your customer information. You need something more to protect your business.

You Need a Web Application Firewall

If you’ve already switched to HTTPS, you’ve taken an important first step. If not, you need to do that now. Once you’ve met this new minimum standard in website security, it’s time to invest in a web application firewall (WAF). Generally speaking, a web application firewall creates a set of rules designed to protect your website. This includes:

Blocking unwanted web traffic from accessing your site
Protecting against hacks, brute force attacks, DDoS attacks, cross-site scripting, SQL injection, and zero-day exploits
Virtual patching before common CMS platforms release official patches (Magento, WordPress, Drupal, etc.)

This is all done on a continuous basis, not a reactive basis, giving you the best chance to protect your website before an attack is successful. And in the unlikely event a hacker does infiltrate your website, a WAF will greatly enhance your ability to clean your site faster, more completely, and for a lot less money.

Wait, there’s more. A WAF also increases site speed and performance through advanced caching mechanisms. So now we’re talking about a site that’s safer and faster, two of the things that matter the most on the web today. Seems like a no-brainer, right?

But My Website Isn’t a Target for a Hack

You probably think that hackers only go after the big websites. What is a hacker really going to gain from attacking a site that only gets a few thousand visitors a month? A lot more than you might think. Most hackers aren’t going after big data and trying to steal social security numbers and credit card information from millions of people in one shot.

this site may be hacked

The majority of hacks occur for seemingly less malign purposes. For example, many hackers infiltrate your server in order to send out spam email by the millions. They might inject unwanted code that will affect the performance and reliability of your website. Any hack can result in “This site may be hacked” warnings in Google search results and a long list of other costly side effects that include:

Lost or destroyed data
Decreased consumer confidence
Leaks of sensitive business or customer information
Your website or email being blacklisted
Huge drops in search rankings
Lost business and revenue

In most cases, the hackers aren’t really trying to hurt your business, but these will be the end results. You will lose customers. It will cost you money. And you are a target no matter how big or small your site is.

The Bottom Line

No matter how unlikely you think a hack on your website might be, your site is susceptible. You are a potential target simply because you have a website. Having strong passwords and an SSL certificate aren’t enough to keep you safe. The internet is more important than ever for your business. It’s also more dangerous than ever. In order to protect yourself and perform at your best, you need a web application firewall. It’s a small price to pay to protect your business from much bigger expenses down the road.

Written by

Nate Tower

Nate Tower is the President of Perrill and has over 12 years of marketing and sales experience. During his career in digital marketing, Nate has demonstrated exceptional skills in strategic planning, creative ideation and execution. Nate's academic background includes a B.A. with a double major in English Language and Literature, Secondary Education, and a minor in Creative Writing from Washington University. He further expanded his expertise by completing the MBA Essentials program at Carlson Executive Education, University of Minnesota.

Nate holds multiple certifications from HubSpot and Google including Sales Hub Enterprise Implementation, Google Analytics for Power Users and Google Analytics 4. His unique blend of creative and analytical skills positions him as a leader in both the marketing and creative worlds. This, coupled with his passion for learning and educating, lends him the ability to make the complex accessible and the perplexing clear.