Why You Don’t Use Cloudflare…
…despite your hosting company telling you to do so.
In my previous post (from ages ago because I don’t write things on this blog often enough as I’m busy working on other people’s websites) I wrote about being told by tech support at Bluehost that my client should be using Cloudflare. I wrote back and pointed out why that wasn’t going to happen.
Here is another reason to avoid Cloudflare.
The data that was leaked could include passwords, cookies and authentication tokens. If an attacker is able to access the text of your cookies, they may be able to use them to sign into your website.
https://www.wordfence.com/blog/2017/02/cloudflare-data-leak/
Sorry to burst your bubble but there is no such thing as secure when it comes to the internet. And bigger doesn’t mean better security. Bigger means bigger target.
A severe security vulnerability has been discovered in the CloudFlare content delivery network that has caused big-name websites to expose private session keys and other sensitive data.
CloudFlare, a content delivery network (CDN) and web security provider that helps optimize safety and performance of over 5.5 Million websites on the Internet, is warning its customers of the critical bug that could have exposed a range of sensitive information, including passwords, and cookies and tokens used to authenticate users.
Dubbed Cloudbleed, the nasty flaw is named after the Heartbleed bug that was discovered in 2014, but is believed to be worse than Heartbleed.
The vulnerability is so severe that it not only affects websites on the CloudFlare network but affects mobile apps as well.
What exactly is “Cloudbleed,” how does it work, how are you affected by this bug, and how can you protect yourself? Let’s figure it out.
https://thehackernews.com/2017/02/cloudflare-vulnerability.html
The lesson is this: More means more insecure.
Every additional plugin. Every additional script. Every additional cloud account. Every additional linked service. Everything you add to your website makes it slightly more insecure.
I’m not saying don’t use additional services.
I’m saying use additional services cautiously.
Cloudflare has experienced a data leak over a 5 month period that mixed sensitive data between websites and visitors. A visitor to one website using Cloudflare may have seen data from another website using Cloudflare that was being sent to a completely different site visitor.
Some of the leaked data has been indexed by search engines who have been working over the past few days to try and remove the data from their caches.
In this post I am going to explain in simple terms, what occurred and what you need to do about it.
If you are a WordPress user and simply want to know how to secure your site, you can skip to the What Should I Do section below. I have included some information for non-WordPress site owners in that section too.
https://www.wordfence.com/blog/2017/02/cloudflare-data-leak/
The more computers your data is stored on, the more likely your data is to be compromised.