Global Edge Security: WP Engine Website Speed & Security Solution

Share this article

Website security is one of the top considerations any business person must have in mind when building a website. Aesthetics is good, but of what good is your website if your site visitors are afraid to click on it?

This article is about a WP Engine security solution that comes to the rescue when your site security becomes a concern.

If your website is built on WordPress, then including this WP Engine advanced network security add-on to improve security, performance and privacy will be a game-changer.

The name of this security add-on? Global Edge Security (GES).

Lots of confusion exist regarding GES security. Some writers call it WP Engine Web Application Firewall (WAF), others call it WP Engine’s DDOS protection plugin, while many more refer to it as just WP Engine security add-on. But are they all right? What exactly is Global Edge Security (GES) and what benefits does it bring to users? Read on to find out.

What is Global Edge Security (GES)?

Global Edge Security (GES) is a cloud-first, enterprise-class security and performance add-on offered by WP Engine in collaboration with Cloudflare for all WP Engine WordPress hosting plans.

WPEngine Cloudflare

For website owners and enterprise organisations looking to improve their user experiences at scale, this WPEngine and Cloudflare partnership will provide app-level security and fine-tune your WordPress performance so that you can always stay ahead.

Over 80,000 customers across 150+ cities on WP Engine platform are using intelligent servicing to deliver secure, scalable digital experiences on the Global Edge Network, taking advantage of WordPress open-source technology and expansive developer community.

Global Edge Security (GES) offers enterprise-grade network edge security built specifically to secure your WordPress site. It comes with DDoS protection and a Web Application Firewall (WAF) with built-in expert rule sets from Cloudflare to automatically protect you against new and emerging threats. The approach is multifaceted and works to harden security at the edge while adding strategic layers of security where you’re most vulnerable.

Some features of WP Engine’s Global Edge Security (GES) powered by Cloudflare include;

  • Managed Web Application Firewall (WAF)
  • Advanced DDoS Protection
  • Cloudflare Polish
  • Automatic SSL Installation
  • Cloudflare CDN

Let’s talk a lil’ bit about these features;

Managed Web Application Firewall

Global Edge Security managed Web Application Firewall

A Web Application Firewall monitors traffic and filters them before it hits your web server. A Managed Web Application Firewall is different from other firewall, because it is ‘managed’ by someone else (WP Engine and Cloudflare in this case).

This firewall blocks the most common sources of attacks to websites like;

  • Cross-Site Scripting (XSS): When attackers detect vulnerabilities on your website, they inject malicious code into your website or application through these vulnerabilities. From their end, an attacker can use JavaScript or HTML to manipulate this code they injected. That way, they turn your vulnerable application or website into a ‘vehicle’ to drive their malicious intent on the end user – in this case, your website visitors or app users.
  • Cross-Site Request Forgery (CSRF): This type of attack impersonates a legitimate user, by taking over the user’s browsing session or hijacking the browser cookie for their browsing session. Cross-Site Request Forgery attacks can deceive users into executing malicious actions as intended by the attacker. In this kind of attack, the browser cookie becomes the ‘vehicle’ that drives the attacker’s intent.
  • SQL Injection: SQL injection attacks occur when an attacker attempts to input meta characters into a vulnerable web-based form with sinister intentions. These kind of attacks are very popular and usually affect websites driven by databases (including WordPress websites).

WP Engine uses Cloudflare’s Browser Integrity Check to evaluate request headers to determine if they’re coming from a real human or not before granting access.

Cloudflare’s servers use the OWASP ModSecurity rule set at the edge, protecting your website from numerous vulnerabilities. The Web Application Firewall uses a set of security rules outlined by Cloudflare from years of experience detecting and mitigating these type of attacks to defend your website.

Advanced DDoS Protection

DDoS is short for Distributed Denial of Service. This type of attack happens on the Network, Transport, and Application layers of the Open Systems Interconnection (OSI) model.

OSI Model

The Network Layer (layer 3) defines the physical path requests should take through the internet. The Transport Layer (layer 4) is responsible for transmitting and assembling packets of data between two endpoints. In years gone by, attacks on these layers were very popular, and the intent is to make your website inaccessible.

Cloudflare detects and quietly removes these threats before they can find their way to your WP Engine server.

In recent years, the attacks have been directed more and more on the Application Layer (layer 7). This layer is responsible for human and computer interaction. These attacks are based on HTTP, SMTP, SSH, or FTP protocols and specifically targets an application, or website.

Attacks on the Application Layer are typically from botnets, or private computers with malicious software, designed to send spam messages to get past security measures. Cloudflare’s Edge servers can detect whether a request is legitimate and blocks those that are not. This means only legitimate traffic makes it back to the WP Engine origin server where your content is hosted.

Using another method called Origin IP Protection, Cloudflare also mitigates and prevents attacks on the Application Layer. Using this method, Cloudflare obfuscates your WP Engine server IP address and instead presents a Cloudflare IP address when attackers inspect your website. This way, attackers are prevented from sending direct traffic to your WP Engine server.

Cloudflare Polish

WP Engine uses Cloudflare Polish to increase your website speed by reducing your image sizes. Cloudflare polish does this by;

  •  removing metadata
  • applying lossless file compression
  • adding the WebP file format

This makes your image files 26% smaller and you don’t have to install additional plugins for image files compression. To take advantage of this performance improvement, you don’t have to do anything more. Just configure GES like normal on your website and WP Engine will automatically apply this.

Automatic SSL Installation

Secure Socket Layer (SSL) is used for authenticating and encrypting data over a network. WP Engine’s GES automatically installs the SSL certificates in the WP Engine User Portal on the Cloudflare Edge servers.

Secure Socket Layer (SSL)

This way, both the connection between the end-user’s web browser and Cloudflare will be encrypted, as well as the connection between Cloudflare and WP Engine. This SSL installation is automatic with the Global Edge Security solution.

Global Edge Security – What are The Limitations?

Using two or more Web Application Firewall (WAF) can cause configuration issues, leading to slower web performance. It will also inhibit your ability to receive help should you require WP Engine customer support. So it is advised not to use a secondary Web Application Firewall (WAF), while using Global Edge Security.

Also, WP Engine and Cloudflare CDN, WAF, and DDoS configuration rules are automatically configured. Meaning you’re not expected to do anything on that end if you purchase the Global Edge Security (GES) product.

WP Engine and Cloudflare rulesets and configurations are fine-tuned with performance and Defense-in-Depth in mind for the protection of your websites. So if you need a different (higher) configuration with custom rulesets, WP Engine might not honour that request. You might want to speak to your WP Engine account representative.

Global Edge Security Key Benefits

  • Protects Businesses From DDoS Attacks: WP Engine’s WAF inspects your network and stops malicious traffic at the edge before it reaches your server. The WAF inspects traffic for Cross-Site Scripting or SQL attacks and is automatically updated to counter such threats.
  • Secure Visitors Data Using SSL/TLS: Websites route their traffic through Cloudflare’s global network of servers. Cloudflare uses SSL/TLS certificates to encrypt data passing through its network to prevent data breaches. With this, your site will receive the “secure” label per Chrome v.68 updates and data is encrypted in transit.
  • Managed WAF Ensures Server Availability: Because it is ‘managed’, the WAF will create new rulesets as newer threats emerge. Thereby protecting your website from emerging threats and some vulnerabilities peculiar to WordPress.
  • Cloudflare CDN: Cloudflare’s Content Delivery Networks (CDNs) with 150+ data centers to accelerate security and site performance helps to deliver web content faster by reducing latency. This way, your website speed is improved and customers can have a consistent experience, even if there is a spike in traffic.

How To Activate Global Edge Security on WP Engine

To activate Global Edge Security on WP Engine, here are the steps to follow;

  1. Log in to the User Portal
  2. Click Add-ons
  3. Locate Global Edge Security then click Manage
  4. Locate your environment name
  5. Confirm the environment name is listed in the Provisioned section
  6. If it is listed in the Unprovisioned section, click Enable to provision and generate the GES CNAME

Global Edge Security Frequently Asked Questions

Global Edge Security – The Conclusion

Constantly evolving website security threats have made site security a priority – whether you’re a large business or a solopreneur. Defending your website infrastructure from these threats can no longer be seen as an “added cost“, it should rather be seen as a strategic investment in protection of your online property.

Because of the evolving nature of the security threats we face today, no security plan can guarantee 100% safety from these attacks, but securing your website from the already identified threats is a big step in the right direction.

Additional Resources:

1. Check out Global Edge Security From WP Engine And Cloudflare.

2. Read Our Full WP Engine Review.

Disclosure: This website participates in affiliate programs and we may receive compensation for some of the links in this article, at no added cost to you if you decide to purchase a paid plan. You can read our full affiliate disclosure in our Privacy Policy page to find out more.

Dienye Diri
Follow me

Last Update: July 27, 2023 by Dienye Diri

Share this article

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top