If you run a website or an online store, there is a chance you might already been hacked. But you won’t know until it’s too late. By then your site might be a cesspool of hacked files and malware that does things like redirect your visitors, replace genuine code with malicious ones or just plain don’t work.
In worst case scenarios, your site could be placed on Google’s Blacklist and removed from Google’s search results until you clear the malware infestation.
By then, you would suffer from a damage of reputation, a loss in traffic and perhaps some lost business if your business relies on your website.
But would hackers target my insignificant site? Shouldn’t they be looking at more prominent targets?
Unfortunately not. The fact is, websites are getting hacked more often today. And most of the compromised sites, are smaller sites without the time nor resources to self-maintain nor hire website security experts.
That’s why we need proper website security.
Why Do We Need Website Security?
In Google’s State of Website Security Report (2017) , the number of hacked sites has increased by 32% in 2016 compared to 2015. And this trend of hacked websites is expected to increase as hackers get more aggressive and more sites fall behind on security patches and updates.1
As most of us run self-hosted websites (e.g: WordPress, WooCommerce & OpenCart), it is our responsibility to keep our website secure and safe from hacks.
But website security is a hard thing. Things like OWASP (Open Web Application Safety Project), firewalls and removal of malware are often beyond the skillset of most webmasters, web designers and digital agencies.
Here’s where WebARX comes in.
WebARX Review: An Introduction
WebARX is a fairly new website security and monitoring platform that came out of the founders’ own needs as a digital agency offering web design and development services.2
They have come a long way since then though, having won third place in the JIC StarCube 2015 competition3 and graduating from Cyber London (Cylon), the world leading accelerator focused on growing cyber security startups, in 2017.4
WebARX is focused on PHP-based website security and has WordPress as their first integrated CMS. Meanwhile, integration with other Content Management Systems will arrive as early as September 2018. (Check out WebARX’s Public Roadmap here.)
As such, we will compare WebARX with the leading WordPress security services and plugins and help you make the best choice.
WebARX Review: The Competition
Before we continue, I need to emphasise the importance of the OWASP Top 10 list in the table. If you scroll down, you will see more on the OWASP Top 10 List after this segment.
WebARX, $39/mo for 10 sites
When compared to the leading website security solutions for WordPress, WebARX does surprisingly well . In fact, based on features alone, WebARX comes close to Sucuri and Sitelock, the gold standard in WordPress Website Security.
WebARX lacks in database scanning and the automated malware removal, both covered by MalCare. This makes WebARX and MalCare, strange bedfellows.
WebARX will soon have the white label option, which helps you look great with clients.
MalCare, which was previously on AppSumo, does pretty well too. My main concern though, is MalCare only does behavioural blocking instead of the OWASP Top 10 rule set.
MalCare lacks the ability to block database attacks, namely SQL injections, which are covered by WebARX (and the other Website Security Solutions which follow the OWASP Top 10).
However, MalCare comes with database scanning, automatic malware removal and manual hack repair when the automatic malware removal fails. As such, MalCare complements WebARX and should be used together.
One good analogy on how MalCare and WebARX work together is like insurance. WebARX is like the medical card that provides you hospitalisation benefits and coverage from that expensive surgery. MalCare then provides you the lump sum of money that you need as you go through the recovery period.
Sitelock Secure Site, $70/mo
Sitelock’s highest tier, the Secure Site plan is the most complete plan in the table. It has database scans and automatic malware removals which WebARX lacks and only misses out on backups and downtime notifications.
Sitelock however, is also the most expensive WordPress Security Solution in this comparison table.
Cloudflare Pro, $20/mo
Other than the OWASP 2017 Top 10, Cloudflare Pro misses out when it comes to malware scans. As such, please get yourself MalCare, which covers the scanning portions that Cloudflare Pro doesn’t and is much more affordable than Sitelock.
Other than the daily malware scan and average web application firewall, Wordfence lacks in many ways when compared to the other providers. Personally, I would stick with the MalCare and WebARX combination.
iThemes Security Pro, $99/year with unlimited sites
iThemes Security Pro is the cheapest website security solution in the table with a generous unlimited sites. However, iThemes Security Pro does not do any scanning of its own nor have a web application firewall.
As such, I would not recommend iThemes Security Pro as of this moment.
WebARX Review: The OWASP Top 10 List – Why it matters?
Update: I realised the importance of the the OWASP Top 10 list, as they are the most critical risks a website face. Here’s a snippet from Cloudflare, which explains it better:
The OWASP Top 10 is a regularly-updated report outlining security concerns for web application security, focusing on the 10 most critical risks. The report is put together by a team of security experts from all over the world. OWASP refers to the Top 10 as an ‘awareness document’ and they recommend that all companies incorporate the report into their processes in order to minimize and/or mitigate security risks
WebARX Review: First Impressions
WebARX impressed me from the get-go. From their beautiful hacker-like dashboard to the process of installing WebARX’s WordPress plugin and the thoughtful layout that helps with the consumption of logs and reports, WebARX comes across as professional and easy to use.
Plus, the WebARX team shows a lot of agility and ambition to move WebARX to the next level. Since the AppSumo launch, they have added on features that will benefit users, such as the ability to white label and to stack more than one AppSumo code.
WebARX further impressed me when it detected a vulnerable WordPress plugin in my client’s site. The site was on MalCare and I added it to WebARX to see the difference. Within moments, WebARX notified me that I had a vulnerable software.
Now that you have read a bit about WebARX, should you buy a license? And if the answer is yes, how many? If that’s you, perhaps the following statement by Oliver Sild, the founder of WebARX, would help.
‘The uniqueness of WebARX comes from its private threat intelligence, which the company is also providing to national CERT’s and is powering the CMS-based web application firewall. We analyse around 3,000 hacking incidents every single day. We know all the latest attack vectors being used, as well as the software that is mostly targeting with automated hacking tools.5‘
WebARX Review: The Testimonials
Here are some WebARX testimonials from AppSumo. These testimonials were helpful to me and I hope to you too.
So Good – ‘I usually host most of my client sites on Flywheel that provides built-in security and free malware cleaning, but they’re kinda pricey. So I host some less important sites on either Bluehost or Cloudways. And I’ve had my sites hacked multiple times on both of those. Yikes! It’s a pain in the a**.
Wordfence has been kinda pricey, so I’m excited to see this deal for WebARX. I just bought it, and installed it on 8 sites in about a half hour, all from one dashboard. OMG! No more logging in to each site to install and configure the plugin. And I can see the activity in all from one dashboard.
I feel so relieved’, anubhav
Visual centralized security management for your sites is now a thing –‘I nearly bypassed this. Then my friend who is a web host said he was impressed with it. And he ain’t an easy guy to please when it comes to tech. I am SO glad I went back for another look.
Having stacked codes, I can now map out the removal of WordFence, GOTMLS, PAID uptime monitoring, daily AV scanning and other stuff I have with another provider. As for the interface…the colour scheme appeals to my inner geek. The information is presented very clearly, with even more data/info available on each website on the dashboard.
One very happy camper here!’, paulirvine
WebARX Review: The Conclusion
WebARX is a software that has the potential to shake up the website security industry. Compared to the current WordPress security solutions, WebARX has come a long way really fast. I can’t imagine where WebARX would be in a year or two.
With upcoming integrations with major CMS such as Magento, OpenCart and Prestashop, among others, WebARX will turbocharge any freelancers, web developers and digital agencies who handle care plans for clients.
Personally, I recommend that you stack a minimum of a five stack which will give you fifty websites for life. If you have the budget, stack more, as WebARX has the potential.
Image already added
- https://webmasters.googleblog.com/2017/03/nohacked-year-in-review.html ↩
- https://www.webarxsecurity.com/company/ ↩
- https://www.jic.cz/en/magazine/we-know-the-winners-of-jic-starcube-show-2015/ ↩
- https://cylonlab.com/startups/ ↩
- https://www.vpnmentor.com/blog/webarx-web-application-firewall-for-digital-agencies/ ↩
WebARX Review: Keep Your WordPress & Drupal Websites Secured
Description: WebARX is an upcoming website security platform that provides impressive protection and monitoring of your WordPress and PHP-based websites.
Offer price: 14.99 per month
Operating System: SaaS
Application Category: Web Application Security
WebARX is an upcoming website security platform that provides impressive protection and monitoring of your WordPress and PHP-based websites.
- Lets us easily monitor our various websites for an affordable price
- Gives us a cloud-based Web Application Firewall that actually works
- Customer Service is excellent
- Site Management is a bonus but not yet at the level of ManageWP. They’ll get there soon though.