I have recently migrated our company website to Pantheon. Previously we were using Cloudflare account to filter out bad traffic. When I migrated to Pantheon I cut Cloudflare out since I was informed that Pantheon was secure and protecting against ddos attacks, etc. Since I migrated I have been getting a lot of spam form submissions that I can only assume were previously being denied access to the site via Cloudflare. I still have the Cloudflare account and was hoping to cut cost by removing them. Does anyone have recommendations here?
I would recommend using Cloudflare, but I may be biased. Pantheon has documentation for using Cloudflare on their platform.
Pantheon does a great job at the infrastructure security, whereas Cloudflare does a great job at providing the site (WAF - Web Application Firewall) security.
If you are running a WordPress site I would also recommend these 3 plugins for additional security.
Would you say that Cloudflare coupled with Pantheon still requires those additional plugins? I am already struggling with keeping the plugins that I have up-to-date and would prefer not to add more clutter if I can help it. That said, I do want my site to be protected.
My preference is to layer security. More security is never a bad idea. It really comes down to your preference and what your site needs. Is your site getting 10 hits a day, or 10 million hits a day? The security you would want for the later is completely overkill for the former.
The three plugins do a decent job at security, but they are a free solution and will only get you so far.
iThemes & Sucuri have some overlap, but they also have a lot of unique security features. I have not had any conflicts running these two security plugins vs some of the other options available.
I use GOTMLS to scan all the site files. It does have some security features, but I only use it for scanning.
Cloudflare provides a much larger range of security and services than these plugins, some of which will overlap with the above security plugins.