WebARX helps protect your WordPress website with a firewall, security monitoring, and application hardening.
It’s a comprehensive and mature product that was originally developed by a digital agency to secure its clients’ websites.
Today their mission is just that — “to help others like us – digital agencies, web development agencies, and freelancers to keep their customers’ sites protected and monitored at all times.”
WebARX is one of a number of WordPress security solutions around but caters for other PHP-based platforms just as effectively, which is useful if you have other non-WordPress applications running too. They also offer a professional malware removal service if your site has been compromised, as well as a DIY guide if you want to do it yourself.
Please note: it’s not simply a plugin but a cloud-based service that integrates directly with your WordPress website (via a plugin).
Before we begin, a couple of words about security at the host level – the tech WordPress is running on. More reputable providers will have invested in best-in-class solutions to secure their networks, mitigating a lot of the threats before they reach the application.
We offer, for example, “always-on” DDoS protection and regular virus scans as part of all our WordPress hosting packages. But it’s not just the tech that needs to be secured; humans are a risk too, which is why we’re very diligent with our processes and procedures.
Who is WebARX for?
Anyone who is responsible for maintaining a WordPress website: digital agencies, freelance developers, business owners that are hands-on with their digital platforms.
Securing WordPress with WebARX
Once you have signed up you’ll need to install the WebARX plugin and link it to your main account. You’ll have access to WebARX functions and reports from your WordPress install and a view of all your secured sites from your WebARX Portal account (with the option to drill down into the detail for each).
The screenshot below shows the dashboard view of a demo website, where you see two key metrics displayed: Attacks Blocked and Uptime. Don’t panic if you see many blocked attacks in your portal — it’s quite normal for websites to be targeted multiple times a day. These attacks are typically triggered by automated scripts (bots and spam) pinging thousands of websites every hour, looking for vulnerabilities. Developers can review the types of attacks and determine if any action is needed.
Hardening and back-ups
The Hardening and Software tabs cover important functions in WebARX to help prevent security breaches. The former offers a number of options to tweak an instance of WordPress and make it harder to be attacked. The Software tab lists plugins and themes that are unsafe and need to be updated or removed altogether.
Here are some of the hardening options:
- Login Rate Limiting
- Change of admin page URL
- reCAPTCHA & 2 Factor Authentication
- User Activity Logging
- HTTP Security Headers
WebARX allows you to create off-site backups too, which you can set to run on a schedule as well as save to Google Drive.
Monitoring and alerts
Like all good security systems, WebARX is updated regularly to make sure that it’s protecting your application from the latest threats. As part of this process, they have built monitoring and alerts covering:
- SSL/TLS monitoring
- Blacklist monitoring
- Error monitoring
- Up-time monitoring
- Domain expiration monitoring
- Certificate expiration monitoring
You can’t act on what you don’t know, right? You can generate and download reports within the WebARX Portal and set email and Slack alerts. Agencies can add their own logos to the reports before sending them through to their clients.
Q&A with Oliver Sild, WebARX’s CEO
What inspired you to build and launch WebARX?
I’ve been an enthusiast in cyber-security from an early age. I was studying computer networking and after studies, I was lucky enough to be part of military cybersecurity exercises. Around 5 years ago, I was also running a security-focused web development agency when I really started to understand the scope of the website security issue and figured how big the problem might become.
When analysing thousands of hacked websites per day and notifying the businesses and owners of the sites, we started to build internal tools to protect our customers. This eventually became what WebARX is today.
What is the most common attack that you see and how does WebARX deal with them?
Bot and brute-force attacks are the most common. Among millions of WordPress sites, poor password security is still a thing, but what we see as the biggest problem is the severe amount of vulnerabilities introduced by third-party components, plugins in the WordPress ecosystem. Bots are actively looking for sites with vulnerable plugins installed and try to detect vulnerabilities in popular plugins as fast as possible to be able to harvest resources and traffic for mainly monetary purposes.
At WebARX we actively analyse all the components our customers are using, help our customers to be up-to-date with the latest security standards and proactively prevent attacks on their websites. WebARX is a combination of website firewall, security monitoring, and management dashboard, where you can manage the security of all your sites from a single place.
How does WebARX differentiate itself from other WordPress security options?
We are building deep technology around the biggest problem – plugin vulnerabilities. We are also OWASP contributors with our open-source tool called WPBullet which helps developers to detect such vulnerabilities in their code before releasing them to users. We are really fighting with the issue from both sides. WebARX is supporting every PHP application, WordPress, Drupal, Magento, Laravel, and any other framework built on PHP.
We have invested a lot in our technology when it comes to the firewall that prevents plugin vulnerabilities from being exploited and it’s often referred to as “the most advanced firewall for WordPress”.
Unlike any other security plugins, WebARX is a whole security platform allowing you to control firewall, security settings and keep the sites secured from a single, cloud-based dashboard.
WebARX: Our thoughts
We tested WebARX on our servers and did not encounter any technical issues or conflicts — setup was indeed a breeze and a matter of a couple of minutes. We were running the following plugins:
- Classic Editor
- Contact Form 7
- Swift Performance Lite
- Page Builder Framework
- Site Kit by Google (Beta)
- Advanced Custom Fields
We didn’t experience any deterioration in performance either (but our testing was limited to a handful of concurrent users).
WebARX blocked 58 attacks over the 14 day period and uptime was 100%.
This does not necessarily mean that WebARX prevented our test site from being hacked, only that it blocked the attempts.
For example, the malicious URL requests below would not have worked in our setup. The second attempt is for a different programming language altogether, indicating that the hacker is simply targeting as many websites as possible to eventually find a vulnerable one.
This is exactly what Oliver means in the Q & A above:
Among millions of WordPress sites, poor password security is still a thing, but what we see as the biggest problem is the severe amount of vulnerabilities introduced by third-party components, plugins in the WordPress ecosystem. Bots are actively looking for sites with vulnerable plugins installed and try to detect vulnerabilities in popular plugins as fast as possible to be able to harvest resources and traffic for mainly monetary purposes.
We particularly like how WebARX scans a WordPress website and returns a report indicating what’s safe and what needs attention. This is the type of check a developer should carry out as part of a scheduled maintenance program, as we have recently described in our Project managing your WordPress hosting ops with Teamwork eBook.
To conclude: WebARX is one of the best WordPress security solutions, with a solid track record and a team of experts working round the clock to ensure it’s kept up to date. It nicely complements the security layer a reputable hosting provider has in place, going that extra step to protect against WordPress-specific vulnerabilities. It works with non-WordPress applications too, which makes it a good option for agencies that work with different platforms and/or build their own PHP applications.
They have done a good job with the interface too, both the dashboard that is accessed via WordPress and the portal, and have all the reports and alerts you need to easily integrate it as part of your workflow: scheduled maintenance, random audits and the drop-everything-and-fix-a-vulnerability scenario.
If you have any questions about WebARX or our testing, add a comment below.
Try WebARX before you buy
The team there are more than happy to show you around their platform and answer any questions you may have – just register for one of their product demos.
You can also try WebARX for 14 days for free. Setup only takes a minute and you can ask for help via live chat.