I think this is becoming even more relevant, as you've probably already gathered from recent news headlines.
Small businesses, particularly US small businesses, are being targeted by hacker groups. I believe the ultimate goal is usually to steal sensitive customer or client info and/or hold the data or website hostage for ransom. A good percentage of US small businesses do not have the know-how to implement even basic website security measures, and often do not have the resources to pay someone to implement and maintain these systems.
I have noticed that brute force attempts on my website are up noticeably vs last year. Recently I've been seeing anywhere between 40 and 100 unique IP addresses a day attempting to brute force a login for my website. Note this is unique IP addresses, not attempts. I'd imagine attempts are in the hundreds each day.
While I have established a safe guard for brute force by limiting login attempts and blocking IP addresses from logging in for a set amount of time if they exceed the login attempt limit, the increase in activity has me re-evaluating my safeguards for my website and got me thinking about paying for extra peace of mind.
I have been evaluating certain third-party contractors such as Cloudflare and Sucuri to provide certain services for my website such as:
--DNS firewall services (which would protect against DDoS attacks and malicious bots)
--additional security surrounding logins and admin access to the site
--periodic scans for intrusions and malware, and remediation if a scan reveals a problem
--website response time and performance boost through CDN caching
--a dashboard and audit reports of security events for me as the owner
I am currently leaning toward Sucuri based on my research and...to be transparent... their fee level. Cloudflare has a free version, but it's very stripped down. Their pro level is $20 per month and their business level is $200 per month. By contrast, Sucuri's top tier plan is $500 per year.
Does anyone have any experience with or thoughts on either Cloudflare or Sucuri?