How Incapsula Can Make Your Website Faster & Safer

To sustain this free service, we receive affiliate commissions via some of our links. This doesn’t affect rankings. Our review process.

Setup | Plans | Support | Compare | Dashboard | Monitoring | Security | SSL | Plugins

Incapsula logo and ReviewIncapsula is a CDN (Content Delivery Network) that offers customers the highest levels of website security while increasing traffic speeds by up to 40% and helping you reduce bandwidth charges at your hosting provider. This cloud-based service does not require any hardware to set up. Once you sign up, Incapsula sends you step-by-step instructions for changing your website’s DNS records. The entire process takes only a few minutes, and your traffic will begin to be filtered through Incapsula’s cloud-based security and performance network.

Visit Website: Incapsula 

Transition to Incapsula

Incapsula is a big hit across the spectrum of CDN providers due in large part to it’s seamless transitioning. Within minutes, your website is running at higher speeds and begins collecting analytical data from users and spam bots trying to access your site. Incapsula’s cloud works to filter out unwanted traffic, and only allow legitimate visitors access to your web page’s information. In doing so, your website is able to run at maximum efficiency while preventing hackers and web bots from obtaining information or hogging bandwidth.


Incapsula offers three distinct plans for customers that range from a free version designed for small websites to a business plan for small to large businesses.

Basic Plan

The basic plan affords users up to 50 GB of bandwidth space and will monitor your site free of charge. It will increase the speeds for visitors to your site and offer you all the protection of their other plans.

Personal Plan

The “Personal” plan starts at just $9 per month per website. On this plan, you will receive protection for up to 500GB of bandwidth and any additional bandwidth needed will cost just $.20 per GB per month. This option allows you to file and transfer private documents securely. The security features are monitored in real-time and performance features are upgraded. Website statistics are updated every 15 minutes and your web site data is retained for 90 days.

Business Plan

The “Business” model takes what the “Business” level does and expands on it. There is more bandwidth and advanced Firewall protection settings, making your data as secure as possible. You also have a personal contact at Incapsula that is assigned to your account and is accessible through email. This service costs $59 per month and $19 for each additional website.

Online Community

Incapsula also has a wonderful community that can be accessed on all plans. Often times when problems arise, users have already encountered similar situations and can help you. This community is a fantastic resource and is a great place to begin troubleshooting.

Compared To Other CDN’s

Some of the biggest things that those in the market for CDN products look for are speed and performance. Compared to similar companies, Incapsula has produced results at or near the top of every performance category. While products like Cloudflare have similar results as far as increased bandwidth and decreased loading time, Incapsula seems to be more reliable. Cloudflare’s speeds are very dependent on location and time of day, whereas Incapsula is steady across the board regardless of time of day or where you happen to be when accessing a website.


The dashboard Incapsula has designed is, honestly, quite flawless. There are a variety of options users have to customize their security settings, traffic logs, and performance can be tracked at all times. With the paid versions, these are refreshed every 15 minutes so you can see exactly when there is an influx of traffic on your site. This allows users to adjust their settings based on time of day to maximize performance and allow for maximum speeds at all times. The dashboard is easy to use and easy to understand, even for first timers. When your dashboard is pulled up, you will first see a series of four tabs that you can choose between.

Traffic Tab

Incapsula Traffic Tab










The first is your “Traffic” tab, where daily visits are logged on a line chart and, again, this is very easy to observe when people are most often visiting your site. There is also bandwidth tracking, and a list of countries where your traffic is coming from. This page is a great resource for understanding who makes up the greatest population of your website hits, and when they are visiting.

Security Tab

Incapsula Security tab













The second tab is the “security” tab. Here, you are able to set security settings and view blocked IP addresses that have been flagged for one reason or another. You can see how many web bots have tried to access your site and where they are coming from. Having this information is invaluable; because you can feel safe knowing that this unwanted traffic is being deferred away from your page. Incapsula, more so than many of its competitors, puts a high premium on its security, and this tab allows users to set their guidelines based on the threats visible on this page.

Performance Tab

Incapsula Performance tab














The third tab is for “Performance.” This tab helps you understand how much bandwidth is being used and how quickly your website is responding to requests. You are able to view how much bandwidth you are saving and allows you to again adjust your settings to maximize your users’ experience.

Activity Log

There is also an “Activity Log” that allows you to see what changes you have made and when you made them.


Because Incapsula is so focused on safety, it’s no surprise that they carefully monitor every hit your website gets. As noted earlier, this includes every non-human hit, such as bots and fake IP addresses. Incapsula’s firewall protection guards against four specific threats, those being SQL Injection, XSS, Illegal Resource Access and DDoS (Distributed Denial of Service) attacks. Incapsula takes it a step further by determining how to best guard against each specific threat. Incapsula also sends administrators periodic emails that reports what types of threats are targeting their sites and explains how those threats were handled.

All things considered, there really is no reason not to try Incapsula. The free version offers fantastic benefits to smaller sized websites, and larger sites will find a great deal of features that will improve performance and speeds while keeping your information safe and protected. Just about every aspect of Incapsula is customizable, and you can tailor your visitors’ needs to that of your website. Small websites and large corporate websites stand to gain plenty if they decide to invest in Incapsula. And since the entire setup is controlled by a simple change to your DNS records, you can always switch back if you’re not happy with the results. Even the feature loaded paid versions offer 2-week free trials, so there is no financial hook preventing you from seeing what Incapsula can do for your website.


Of all the CDN’s we’ve been reviewing, Incapsula appears to have one of the most robust security offerings.


If your website supports SSL, you can use it in conjunction with Incapsula. One of Incapsula’s SSL certificate providers will issue you a global certificate once you’ve gone through the SSL setup process. Here’s the steps you’ll take:

  • Login to your dashboard and click on “Settings”
  • In the left-hand column select “General”
  • The last Site Setting is “SSL Mode”
  • Switch it to Enable
  • This will pop up a box asking you to confirm an email address. Pick one that you recognize. You’ll receive an email from their SSL certificate provider that you’ll need to approve.
  • Once you do, it will take up to 24 hours to propagate (the certificate provider verifies your site is secure, and not malicious (ie. a phishing site)).
  • Finally, log back into Incapsula and make sure the DNS settings are updated on your site (you’ll need to edit the DNS zone and change the A records).

You’re now setup and running on SSL worldwide. Note that you’ll need to purchase an SSL certificate with your hosting provider before you setup SSL through Incapsula. An alternative approach is to purchasing one is to use a self-signing certificate.

SIEM INtegration

Incapsula now offers SIEM (Security Information and Event Management) integration, including HP ArcSight and McAfee Enterprise Security Manager. This means companies can manage and analyze Incapsula security events in a centralized location. This also helps with security standards compliances such as PCI DDS. The Incapsula SIEM API allows developers to customize the integration to your needs.

Comprehensive DDoS Protection

Incapsula provides comprehensive DDoS protection that includes infrastructure protection for individual IP addresses. In addition to attack monitoring technologies that are preemptive, you can setup DDoS notifications (auto-notifications to users via email, SMS, or phone call) and escalation paths. Their DDoS dashboard shows you specifics in regards to each attack:

  • Traffic per IP range
  • Traffic per attack type
  • Traffic per service
  • Top traffic metrics per:
    • Source IP range
    • Destination IP/range
    • Service
    • Attack type

Joomla Plugin

The newest addition to Incapsula is its extension to support the Joomla content management system with the Joomla plugin for Incapsula. This addition allows users to manage their security and performance features and functions through Joomla’s admin page. If you manage multiple pages with Joomla, the same great protections and performance enhancers extend over the entire reach of your network. Where this marriage really stands out is with corporate websites and intranets/extranets. Joomla and Incapsula seamlessly integrate with one another to enhance speeds, provide excellent protection and cut down on bandwidth.

One study suggests that 9 out of 10 Joomla users still run the basic version of its software, which leaves it susceptible to modern viruses and hack attacks. Incapsula for Joomla not only works on the newest versions, but also provides protection for earlier versions and has caught millions of potential attacks on Joomla sites like WordPress and extensions of Harvard’s website.

Joomla websites already have a team of security analysts working to detect and eliminate bugs in its software. If you add their already stellar support with Incapsula’s award-winning protection, you are safeguarding your website against all threats imaginable, all while reducing overhead.

Hope this Incapsula review helped. All things considered, there really is no reason not to try Incapsula. The free version is fantastic to smaller sized websites, and larger sites will find a great deal of features that will improve performance and speeds while keeping your information safe and protected. Just about every aspect of Incapsula is customizable, and you can tailor your visitors’ needs to that of your website. Small websites and large corporate websites stand to gain plenty if they decide to invest in Incapsula. The paid versions  have 2-week free trials, so there is never a financial investment to see what Incapsula can do for your website.

About The Author:

Ryan Rauch graduated from Scripps School of Journalism in 2009 and has been writing for We Rock Your Web since 2012. Ryan enjoys writing and researching new and evolving home security measures, and has a passion for technology.

Disclaimer: This website contains reviews, opinions and information regarding products and services manufactured or provided by third parties. We are not responsible in any way for such products and services, and nothing contained here should be construed as a guarantee of the functionality, utility, safety or reliability of any product or services reviewed or discussed. Please follow the directions provided by the manufacturer or service provider when using any product or service reviewed or discussed on this website.

Notify of
Oldest Most voted
Inline Feedbacks
View all comments

Hi Alex. Nice review. I recently talked to the Incapsula sales personnel and she told me they provide ~1.5 TB of bandwidth every month with the free plan. As you mentioned 50 GB with the basic plan, I am a little confused. Can you confirm it? Also, does Incapsula affect Google Adsense earning? The reason I discontinued CloudFlare is it dropped my earning terribly.

Hi Sarang, the 1.5 TB is probably correct if you heard it from the horses’ mouth, they’ve most likely increased the amount since I wrote this. A CDN such as Incapsula or Cloudflare should not affect Google Adsense earnings if setup correctly – are you sure there’s not something else going on?

I setup Cloudflare CDN and then I observed a sudden drop in the adsense revenue. I got revenue from clicks but not from the impressions. Observing an ad unit I placed on the homepage, I observed that the impressions dropped from 3000 to just 57 for the day.
The setup is simple and there is not much to go wrong. I did everything and searched forums and contacted support, but they pointed me to this page:

The problem with CloudFlare is that they use proxy IP for the visitors. To use the real ip addresses, they recommend to install mod_cloudflare on the servers, but that is not possible on a shared hosting as it would affect other websites sharing the same ip.
The do recommend to install mod_cloudflare.

This is a common problem with the CF CDN and adsense. You can search the web for many such reports.
That is why I am afraid of using any other CDN. I don’t know about Incapsula, but I am not ready to do some experiments with my website. If incapsula uses the same method then I am afraid it will give the same result.

Thanks so much for your detailed insight on your experience Sarang, I’m sure this will help other readers with your issue. We do have mod_cloudflare installed and are on dedicated servers, but we also have a setting in Wordfence (WP security plugin) that specifies that the Cloudflare IP should be passed through – I wonder if that might help you?

I recently switched from the free version of Cloudflare to the free version of Incapsula. I find Incapsula performs better for me than Cloudflare. Incapsula reduced the bad bot traffic much more than Cloudflare. I also find my site loads faster with Incapsula than Cloudflare. The time to first byte (TTFB) is also improved with Incapsula where it actually was worse using Cloudflare.

I’ve heard Incapsula now offers two factor authentication (2FA) for free with all its plans. Is that true?

Yes, you can read more about it on our cloud security page.

This is a decent Incapsula review, I like the screenshots and the emphasis on security. However, I would even more like to see a comparison of say Incapsula vs Cloudflare vs Amazon’s offering and whatever else is out there. Got anything like that in the pipeline?

Our cloud based security article compares the security efficacy of Incapsula vs Cloudflare. Beyond that, yes, we have more cloud and CDN articles in the works. Subscribe to our feed to be notified when new content is posted!

Loving Incapsula so far, thanks for introducing me to this great service! Not only has it reduced the bandwidth I’m using on my hosting account, it has significantly sped up my site across the globe, as evidenced in my Google Analytics reports.

I am running into a little problem, however: when I try and +1 a link on one of my websites in Google Plus, or if I try and post a link within Google Plus (on my Google Plus page), instead of a description of the link, an Incapsula error message shows up: Request unsuccessful. Encapsulate incident ID (#).

It’s obviously important that my pages are able to be shared on Google Plus. Is there any way to force Incapsula to allow G Plus through?

Incapsula tries to allow good bots by default, but it appears they haven’t added this one to their universal white list yet. Meanwhile, if you run into an issue like this, you can white list bots yourself as follows:

Login to your Incapsula account.
Click on a website, followed by the “Setttings” tab.
Click on “Security.”
Under “Bot Access Control” click on the “Exceptions” link in the bottom right corner, followed by “Add new whitelist rule.”
Change the drop-down to “User Agent,” and enter “Mozilla/5.0 (Windows NT 6.1; rv:6.0) Gecko/20110814 Firefox/6.0 Google
Click “Confirm.”
Rinse and repeat for your other sites.

Incidentally, If you click on the “Events” tab, you should build the see which bots are being denied access. If you notice one that should’ve gotten through, you can make note of the User Agent and white list it as described above.

What if I want to install SSL on my server? Do I need to switch Incapsula off while it’s setup?

No, you can add your site (once SSL is setup), after which Incapsula generates a certificate for your domain that will be hosted on their global servers. Their SSL partners are GlobalSign and Comodo.

We’ve added an SSL section to the article, and Incapsula’s FAQ page covers this also, although it appears they’ve left out a couple steps:

Within 24 hours of adding the web site you will receive an e-mail from GlobalSign, our SSL certificate provider, requesting approval to generate an SSL certificate for your domain. To approve this request simply reply with “yes” in the message body.
After your approval Incapsula will provision the service to support SSL on your domain. This process can take up to 24 hours.
Once the process is completed, you will be notified through an e-mail and you will be able to proceed to the final step of adding your website to the Incapsula service.

You can also choose to add your web site to Incapsula without SSL support. However, any user that browses your site using SSL may receive a warning from his browser.

Hi, Incapsula is better for paid service, but what about free plans on cloudflare and incapsula, which one of those two has better security on free plan? I am using joomla 2.5.

Thanks, Dan

Incapsula security is a lot more robust than CloudFlare, regardless of the plan level you choose. More details in our article on cloud based security.

Great review! I’ve heard great things about Incapsula, and think I am going to go ahead and give it a try. One thing you might want to point out to your readers is that they test their website speed before and after installing Incapsula. I’m curious to hear how much of a difference in speed Incapsula offers in the US? And would you consider publishing a comparison of Incapsula vs. some of the other cloud CDN providers (Cloudflare, for example)?

Finally, I noticed that you had some of the security features disabled (suspected bots, SQL injection, cross site scripting, and illegal resource access). Is there a reason you don’t have these enabled?

We do have Incapsula’s security features enabled now. We had been doing some testing with them off and on and happened to take the screen shot for this article when they were off. We have found that you will need to do some manual customizations with them enabled (for example, we had to whitelist the Taiwan IP address of one of our website monitoring station providers (Hyperspin)).

To answer your other question, we’re also working on a CDN comparison article. We’re anticipating that to be ready sometime later this month.