I’m a huge admirer of QUIC.cloud, and they currently fill a need that I think is met only by Cloudflare. Cloudflare is, of course, a lot more mature and has more features, but QUIC.cloud is filling out its feature set nicely. One of the biggest advantages of a Cloudflare Pro is the Web Application Firewall (WAF), which protects your site from hackers, and constantly updates its ruleset to protect against the latest vulnerabilities. Now QUIC.cloud has WordPress-specific protection as well, and it’s great!
Blocking XML-RPC Requests with QUIC.cloud
I’ve written before about the importance of blocking XML-RPC on WordPress. Anyone can easily abuse the protocol and use it to generate thousands of login requests to your site. Even if it doesn’t rise to the level of a DDoS attack, these requests suck away your resources, swell your logs, and cause headaches. Blocking XML-RPC is one of the first things you do when you have a new WordPress site.
Unfortunately, the popular Jetpack plugin insists on using XML-RPC, and it’s for this reason alone that many websites continue to leave it enabled. My linked article explains how to get the best of both worlds, but it’s still touch and go. The latest security options in QUIC.cloud, however, make things easy with an option that lets you block XML-RPC with just a button click, as shown here:
They also have an option that allows you to bypass this rule for Jetpack! So now you don’t have to worry about messing around with .htaccess files to allow Jetpack, and you can block XML-RPC requests at QUIC.cloud without those requests ever touching your server.
Blocking Brute Force Attacks
To deal with brute force attacks, the QUIC.cloud security option returns a 403 error to anyone who tries to log in with XML-RPC before visiting a normal page on the site. This will frustrate bots that try and flood your server with username/password requests. This is a good option if you want to keep XML-RPC but still wish to allow legitimate users.
WordPress Specific Security Options
The next security section has a host of options specific to WordPress. The first is the “Jetpack” exception for XML-RPC requests, as mentioned earlier, but the others deal with various aspects of JSON. Your WordPress site constantly “leaks” information to potential hackers. Information about the authors on your site, their usernames, the WordPress version, and more. QUIC.cloud allows you to block all these attempts using the following options:
I’ve already written about the importance of blocking JSON in WordPress, but you can enable this important security feature easily on QUIC.cloud. You can do the same using Cloudflare firewall rules as well, but you have to configure the specific rules instead of just enabling the options as shown here. For now, Cloudflare is more powerful and configurable, but for ease of use, QUIC.cloud is the winner.
How QUIC.cloud can Match Cloudflare
I love Cloudflare, but they’re the only game in town right now, and it’s good to have competition. To catch up to Cloudflare, QUIC.cloud must implement Firewall rules and match all its features. An advantage of QUIC.cloud is its usage-based model compared to Cloudflare, whose cheapest plan starts at $20/m and goes from there. QUIC.cloud can also integrate detailed analytics – something that Cloudflare already does with its Web Analytics pane.
Generous Free Quota with NameHero
NameHero customers have a special incentive to use QUIC.cloud thanks to the LiteSpeed Enterprise free quota, which is more than enough for small to medium-sized sites. So you get all these features for free if you choose NameHero as your web host for shared hosting, thanks to the LiteSpeed web server. For NameHero customers, it’s an amazing value addition!
I’m a NameHero team member, and an expert on WordPress and web hosting. I’ve been in this industry since 2008. I’ve also developed apps on Android and have written extensive tutorials on managing Linux servers. You can contact me on my website WP-Tweaks.com!
Leave a Reply