Kinsta

Kinsta uses Cloudflare solutions to prevent DDoS attacks and provide a premium tailored hosting experience

Founded in 2013, Kinsta is a premium hosting provider that supports tens of thousands of companies from 128 countries. Kinsta was built on the idea that hosting should be feature-rich, powerful, fast, and secure — and that support should be exceptional. The company has won numerous awards, including G2’s Best Relationship, Easiest Admin, Best Usability, and Leader awards in fall 2021 alone.

Challenge: Highly visible websites create DDoS risks

Kinsta hosts tens of thousands of websites, ranging from small businesses to global enterprises. Many of these businesses have high profiles, making them popular targets for cybercriminals. Distributed denial-of-service (DDoS) attacks are thus a major concern for Kinsta. While the company had in-house DDoS mitigation solutions, handling attacks in-house was expensive and required significant time and manual effort by system administrators. Additionally, DDoS attacks caused noticeable downtime, which was undesirable for Kinsta and its customers.

Cloudflare eliminates the threat of DDoS attacks

Kinsta’s in-house DDoS mitigation solution was built using load balancers hosted on Google Cloud Platform (GCP). Using a combination of automated scripts and manual tuning, this in-house infrastructure could mitigate most attacks with minimal downtime for customer sites. However, a DDoS attack against one site could also affect other customer sites behind the same load balancer.

Managing DDoS attacks in-house also took personnel away from other tasks, a problem that was eliminated by a switch to Cloudflare DDoS protection. Jenna Recktenwald, a DevOps engineer at Kinsta, says, “I remember some days when it would take two or three admins per shift to be handling a DDoS attack or even multiple ones. Now, we just get alerts from Cloudflare saying that it has detected an attack and is mitigating it.”

Cloudflare DDoS protection has mitigated dozens of attacks for Kinsta so far. For customer sites protected by Cloudflare, DDoS attacks have become a non-event. According to Recktenwald, “We have Cloudflare DDoS alerts sent to our Slack channel. When we get an alert about an in-progress attack that Cloudflare is mitigating, our sysadmins will just acknowledge it and move on.”

The switch to Cloudflare has enabled Kinsta to eliminate its GCP-hosted load balancing infrastructure, which has dramatically simplified the process of applying updates. In the past, sysadmins needed to coordinate updates to all 100+ load balancers to ensure a smooth rollout. Now, updates require only a single configuration change or a tweak to some code and are automatically rolled out across Cloudflare infrastructure.

SSL for SaaS simplifies certificate management and improves site performance

Kinsta hosts over 100,000 domains for its customers. In the past, it managed SSL certificates for these domains using Let’s Encrypt. When rolling out an updated SSL certificate for a domain, it had to be manually rolled out to each load balancer supporting that domain. Doing so across all of Kinsta’s infrastructure usually required a couple of hours’ work by a system administrator.

According to Recktenwald, “After making the switch to Cloudflare for DDoS protection, using SSL for SaaS was a no-brainer.” SSL for SaaS automates the SSL certificate creation process, eliminating a task for system administrators and support tickets from customers struggling with Let’s Encrypt.

SSL for SaaS from Cloudflare also provides a better experience for Kinsta’s customers. The switch to SSL for SaaS improved load times for customers’ custom domains by 40%.

Workers enables customized web hosting at scale

Kinsta is growing rapidly, making scalability a primary consideration. Kinsta has containerized its hosting infrastructure, which decreases overhead and improves reliability and scalability. However, containerization has made routing more complex for Kinsta. Routing traffic to a particular container requires specifying both the IP address and port of the destination container.

Cloudflare Workers, a next-generation serverless edge computing solution, makes it possible to implement the necessary routing logic at scale. Each of the domains that Kinsta manages has a record in Workers KV (key-value) that stores the necessary routing information. Inbound traffic is processed by a Cloudflare Workers script that looks up the relevant record and routes the traffic to the appropriate location.

By using Workers and Workers KV, Kinsta is also able to apply custom settings for each of its customers’ domains. Recktenwald says, “There was no good way for us to scale before we started using Cloudflare Workers. By storing data in Workers KV and manipulating requests before they reach the server and on their way back, we can just turn on or off so many features for our clients.”

Workers has rapidly become a vital part of how Kinsta provides value to its customers. Each month, Cloudflare Workers handles over 15 billion requests from Kinsta’s infrastructure.

Enabling Kinsta to prioritize providing exceptional service

By automating the process of protecting against DDoS attacks and managing SSL certificates, Cloudflare made it possible for Kinsta to concentrate on its customers and keep growing. Daniel Pataki, Kinsta’s CTO, says, “Everything that we do is focused on building a solution that can scale while providing the level of service that our customers expect. Cloudflare solutions give us that scalability and free up our teams' time and energy to focus on proactive features and solutions.”