Image of a programmer with Security written over his head.

Integrated performance & security options

Why should you invest in website security?

In 2017, Equifax lost the records of 145 million American’s because they failed to patch a known issue. Small businesses often claim they are too small to be a target, but in fact, you’re under attack from day one. Although you may not have a wealth of personal data, or commerce, there are other purposes such as cryptocurrency mining. Even beyond hacking, there are other ways security could impact you online.

The costs of rectifying a breach are on average several million dollars, and that is before the cost of lost customers is included. Can your business afford that, especially when there are opportunities to significantly reduce the risk at reasonable prices.

In this article, we explore three options that provide both security and performance enhancements and are leaders in the market that services small to medium businesses.

Note, Amazon is excluded as an option as they are not a particularly user friendly option. While I have used Amazon historically, they are no longer my preference, although are an excellent option. Similarly, I feel Fastly and Akamai are better suited to more mid to large-sized businesses.

In the interest of full disclosure, I have used all these vendors mentioned for different occasions.

Security and performance services

All of these companies share basic services:

  • CDN (Content distribution network) – Network of servers that duplicates your website’s content around the world. This allows customers to receive faster responses, which can have a huge impact on retention and conversion.
  • WAF (Web Application Firewall) – System that analyses incoming traffic for potential threats and blocks identified risks. For example, traffic that is trying to target a known exploit.
  • DDoS (Distributed Denial of Service) protection – Protects against a malicious attack where a third party floods a website with traffic that can cause it to slow or fail under the load. Traffic comes from numerous individual sources that can make blocks challenging.

Who are these companies?

If you’re reading this, you may not have heard of any of these companies, so who are they?


Cloudflare logo

Cloudflare started in 2004 as a project to determine where email spam originated. It has now expanded to track and protect against significantly more threats. In fact, the average person touches the Cloudflare network 500 times per week. They are trusted by large companies and are a favourite of small businesses due to their exceptional free plan. They have the biggest footprint of any of these providers with 119 data centres around the world.


StackPath logo

StackPath was founded in 2015 and grew through the purchase of five specialised companies. Each of the acquisitions was extremely well regarded individually, and StackPath has now started to unify them into a compelling package.

While they may not have the established base of Cloudflare, they provide a competitive and scalable offering.



Sucuri started back in 2010 and was purchased in 2017 by GoDaddy. Their goal is to offer a concise security overview and protection for website owners. The acquisition should assist Sucuri to compete with the scale of the larger companies mentioned here.

Key differences

Each of these companies will have a product that will deliver on your needs, so how can you narrow it down? Below is a table with some of the primary differences. Please ensure you review the product offerings carefully before making a selection.

Feature Cloudflare StackPath Sucuri
  • Free – No WAF
  • Pro – $20/mth with WAF
  • Business – $200/mth
Refer to pricing page for full details. Cloudflare doesn’t charge by bandwidth.
  • $20/mth – 1TB
  • $200/mth – 10TB
  • $2000/mth – 100TB
Refer to pricing page for full details.
Firewall only:
  • Basic – $10/mth
  • Pro – $20/mth
  • Business – $70/mth
Malware protection package:
  • Basic – $200/yr
  • Pro – $300/yr
  • Business – $500/yr
Sites included 1 Unlimited, other limits by tier 1
Interface quality Excellent Ok, technical knowledge required Very good
CDN performance* Good Excellent Good – Australia is poor
Paid plans only
DDoS protection
Country blocks
Business only
TLS control
Malware monitoring/removal
SSL Shared (Upload own cert available on Business plan) Shared, Lets Encrypt or own certificate Lets Encrypt or own certificate


That’s a fairly complicated comparison, who would I recommend each to? While exact recommendations will depend on specific cases, my suggestion is usually:

Cloudflare– Customers after a simple user interface or cheap CDN. Cloudflare’s free tier is extremely high quality and their DNS service is excellent. If you aren’t ready to pay, I’d use Cloudflare without question and add features as appropriate.

StackPath– People more concerned about site speed or technically minded people. StackPath requires considerably more effort to configure and will require some understanding as documentation is poor. Several options in StackPath can easily block good traffic if not understood. Finally, it does have excellent analytics for the CDN and the cost can justify StackPath as a CDN alone if needed.

For full details regarding our thoughts on StackPath, have a look at our review of StackPath.

Sucuri– Anybody looking for additional malware protection, or who would like a single easy dashboard for reviewing their security. While Cloudflare has an easier interface to understand, Sucuri I find simpler to manage.

Tell me about your selections and why in the comments below.

More Stories
Attributes on a chalk board: Service, Efficiency, Quality, Reliability and Customer at the centre
Complaint handling can create more satisfied customers