Magento 2 autopatching WAF


Just wondering if anyone had a recommendation of either a CDN service or hosting platform that includes an autopatching WAF for Magento 2? We currently use Sucuri for their WAF service which passes the Magento security scan without issue. Thanks

So, I’m actually in the process if migrating to Cloudflare. Not just cause of the CDN, but a bunch of other features that I now have a need for - Which other service providers cannot deliver.

One of the things I noticed they offered (but probably won’t use) was Web Application Firewall. Perhaps this ticks your box?

How do you like sucuri? I’m currently looking for an additional security layer as well.

Never heard of it. I chose Cloudflare based on reputation and recommendations.

Thanks for the reply Craig. I use the free Cloudflare service on all of my wordpress sites and it works great. The issue with Cloudflare for business when comparing them with the equivalent sucuri plan is cost. I pay $299 a year for sucuri whereas Cloudflare would cost $2400

Ah, I only went Pro, cause the extra feature that Business offers wasn’t of any benefit. Ref: Cloudflare Plans

We initially used them to secure a Magento 2 store after the site was infected with malware. I’ve had no major issues with their services and support have been quick to respond to any queries. The only caveat we’ve found is their server-side scan doesn’t like large sized site (our Magento store is currently using 10GB) so they suggested using their external scanner.

What type of scan is it?

They monitor website file structure and file changes, and scan for malware.

Gotcha. File Integrity Monitoring (FIM) is a good one to have running. Albeit, I was saying in another post that most Magento compromises happen directly in the Database these days, as opposed to compromising file systems.

The Magento Security Tool scans for Malware if you’re not using it already. Plus it’s free. They’ve also been working on an SSH version which is supposed to be a little more powerful, but they’ve not released any details on the features yet. And for some reason, my SSL Certificate Provider does daily malware scans too.