The next stage to keep your website secure is to prevent people from bypassing the Website Firewall Platform and targeting the server directly, to do this you will need to block access to anyone other than the Website Firewall.
Our website firewall platform is delivered in partnership with Sucuri. This means you need to update the Firewall Rules in your control panel to restrict ports 80 and 443 to the Website Firewall Platforms IP Ranges only, or use the default Sucuri Template for this. More details on this can be found in our “Firewall Bypass” page.
Note: The default Sucuri Rule Group may need to be configured to allow access to services such as SSH or FTP etc. and to ensure that these are locked down to any relevant IPs only. We recommend you review and amend the rule group as required before applying it.
If you do not have Memset Firewalling on your server you may need to create a “.htaccess” file (or similar) to configure your website not to allow access from IPs outside of the Website Firewall Platform.
More information on this can be found in the Sucuri Docs here; https://kb.sucuri.net/firewall/Configuration/preventing-bypass
Last updated 18 June 2019, 09:15 GMT