Securing Jekyll Sites with Cloudflare Features and Ruby Security Gems

Giulia Iarpini chinacofre Mary cofre its.kaeleerenee Kaelee Rene miahazelton.xo Mia Hazelton bunnyy.rose_ Bunny 🐰🤍 michelle_stranskaa Michelle Stránská sakiacka 🌟ALEHANDRA🌟 veronicahunkova 𝕍𝕖𝕣𝕠𝕟𝕚𝕔𝕒 albapop.joubert Alba Joubert irina_runkel TSUNAMI gracelowell.xo Grace Lowell sonyatemnikova Sofia Temnikova dianasprkl Diana Sparkle sofija.savic123 eubrufreitas Bruna Freitas miss_queen_pooja_62 Puja Kumari vero._82 Ve Ro judyblack.xo Judy Black hannahbackupppppp nataliaa_mezz Natálie Mezzeiová gloria.riolfi rixiadigivolved Rixia Digivolved kaiastell Kai Astell pampeliska_vyhulstromova ANET nikolkapikolka7 Nikola Pavlicová (Novotná) lilith_rayne.xo willowclarkxo_ Willow Clark manda.michelle 𝖆𝖒𝖆𝖓𝖉𝖆3* fran_moura051 Fran Moura itsselenarosee Selena Rose sasharoxelle Sasha Roxelle _janut_56 ☠️ deshi_bhabhi_1111 🔥 hot bhabhi 🔥 bunnyrose.me Bunny 🐰 elenasuvari Elena Suvari alexwilliams236 Alex williams ouull7 حـــــــــب 🇹🇷 _e.c_xx dleahhxo09 Demeliah rose luci.krupova LUCIE KRŮPOVÁ regina.fa6 ريجين lospeleonerostv Abby Matheus sylwia_syska 🌸𝓢𝔂𝓵𝔀𝓲𝓪🌸 vinnytsya.day natiiks Nati raw.raw.edits 🐣🌸 lil.mari.11 🎀 Marianna🎀 majka2016 Maja stefaniihristova Stefani Hristova jaimyleesophie5 Jaimy-Lee Sophie tiffany_hoffmann49 Tiffany ariane_hg Ariane iamdominikapakrova 🖤𝐃𝐎𝐌𝐈𝐍𝐈𝐊𝐀🖤 zaiibo.g zaiibo.g helenabjorkmann Helena Björkmann stefaniaa229 Ș𝔱𝔢𝔣𝔞𝔫𝔦𝔞 terezka_kocicka Terezka Kočka mondieee 🫧🧃 emily.iic Akshisa d4n13333 Angelina hrackypodlekacky Zuzana Kacvinská 🐳 ramonky__ Ramona Varyšová eliskadombkova Eliška Dombková Iᖴᗷᗷ ᑭᖇO brothers_gipsy_kings costache_vasile_lilian nattakulnice 𝐍𝐢𝐜𝐞 coco.la.tigresse Coco 🤩 sarah_vistejnova Sarah bianca_bibysor Bianca Ioana ✌ mariakalulu_ Mariaka Luluu natalia_csa Natalia Sanchez andy.su29 Andrea Suková kathchudobova KATEŘINA CHUDOBOVÁ evaperkausova Eva Perkauѕová notesfromhera Hera fit_papryczka Patrycja Patrycja lafemminadelsud Sofi 🌸 bellaxfoxx Bella Fox pecenkova_stepankaa 𝖘𝖙𝖊𝖕𝖍𝖆𝖓𝖎𝖊 gabika_gabca18 °°gabika🤍 giorgia_ru 𝓖𝓲𝓸𝓻𝓰𝓲𝓪_𝓻𝓾 riya_sharma00111 riya_sharma celinemyrren Celine Myrren vladimira.roziakova ROZZI ¹¹✨² lucreziaagrande 𝓛𝓾𝓬𝓻𝓮𝔃𝓲𝓪 𝓖𝓻𝓪𝓷𝓭𝓮 chloe_sinclairr Chloe Sinclair artkatana 🌟Kateryna Fedorova💫 maya.asianbby Maya | Asian model jessy_ai_00 Jessy Aikermann aangelicamariani 𝐸𝓃𝑔𝓎 ginger_girls_studio Julie Garnier sarahhhinsta S A R A H - S A N D R A jessica_secrettt Jessica ❤️ ms.sethii Shilpa Sethi neftciler_gozelii R o z a 👑 conkova_zuzana Zuzana Čonková krist_rubka K R I S T I N A andreea_dogaru97 🔥 Andreea Dogaru 🔥 milaaswelt Mila Ari Ruby🧜🏼‍♀️ tschulique Julia Schäfer quote407 itz______fizaaaa serenaparkar 💞 Nisha 💞 karindubravayova anna_hamannova Anna Hamannová manixbby imani .𖥔 ݁ sara02wolf 𝑺𝒂𝒓𝒂𝑾𝒐𝒍𝒇 venisdao Vendula Dao ann.trann__ Anna Tran 🖤 sofigarc.ia Sofía Garcia itsemmastrickland Emma Strickland alinafarmsss Alina Frams mallytesarikova Mally Tesaříková uhli8 Kačka Uhlířová evabartuskovaa tanjamiovcic Tanja Miovcic | Influencer rihannacorvelle Rihanna Corvelle irinaaaaaa.r ♥️🍀 ♥️༺ 𝕴𝖗𝖎𝖓𝖆 ༻♥️🍀♥️ crackaddictzyt ASMR Chiro Clips danicalop_ Dani Calop maylo_bullyxl Maylo von riot kennel eliasovakamila miilabloom Mila Bloom frida_starborn Frida Starborn redheadedbethany Bethany Rose _jaja_16 ❦𝐉 mmisendova Mgr. Miroslava Mišendová radka_kuzelova Radka Kuželová🇨🇿 czeksa_ •Sylwia pamela.borek 𝑃𝐴𝑀𝐸𝐿𝐾𝐴 silxr 𝒮𝒾𝓁 𖡼 __monepon__ 🐍 lexiiwiinters LEXI WINTERS mikela_michaela Mikela vlcek kakuszidorinaa Dorina joha_santo Johana Santuangelo andrea.dvorakovaa Andrea D.🎀 lxsaso Lisa Sophie🌸 worldshottestgrandma Gina Stewart vladaadaa Владислава 777.roksana.777 𝓡𝓸𝓴𝓼𝓪𝓷𝓪 _karolina__11 esthete.day Красотка 😍❤️ irinavolky Irina🍓 annasaunders903 Anna Saunders monaa_1991_ Mona hollysgotreels Holly ioanaa.m.m Ioana soniapralong Sonia Pralong gallery_platforms GalleryIn amandajuliiiia Amanda Starlily tyna_blazkova Týnka weronika_jezierska Weronika Jezierska vercapivodova98 Veronika Pivodová 🦋 szabo_bettiina 𝕭𝖊𝖙𝖙𝖎𝖓𝖆. love_eliskaa Eliška Blažková helenalopez90 Helena 💋 jessicca0fc 💖 Jessica 💖 yuliayycxo Yulia Zahurska nellinkacz Nellinka👅 hotwheelsxhannah Hannah Jansen stefania_bonomo Stefania Sofia Bonomo 💎 shezoevans Zoe Evans barboramajkova Barbora Májková littlelustylucyy annaolivia.x Anna Olivia Kurdys raj_tanu_offical RAJ THAKUR joaana_annaa JOANA _sobiecka._ Iga Sobiecka danielahrouzkova Daniela Hrouzková itssandraagain Sandra 💫 kendrarcrawford Kendra Crawford adriia_naa Adriana Pokorná zabili__mi__zolwia S. 🍀 kattyritter Екатерина Риттер|Reels•UGC evcawolfcz 𝐄𝐕𝐂𝐀 𝐖𝐎𝐋𝐅 taylorravenwood Taylor Ravenwood __todorovvaa__ andrea🥐 _olq_a_ 𝑶𝒍𝒈𝒂 ivakubelkova Iva Kubelkova karla.b16 agatha.lautnerova Agatha Lautnerová redleeloo Red Leeloo honeytisch hannah-sophie 💫 niconicoleta088 Hartsieker Firuta zuzka_bluzka12 Zuzka👑 ladyyforrest Forrest galinkadarling Галина ❤️ alketagashhi alketa elina.maria.julianna 𝑒𝑙𝑖𝑛𝑎 𝑚𝑎𝑟𝑖𝑎 𝑗𝑢𝑙𝑖𝑎𝑛𝑛𝑎 diana_andries_39 🇩🇪⊱𝗗𝗶𝗮𝗻𝗮 𝗔𝗻𝗱𝗿𝗲𝗲𝗮⊰🇦🇩 masha_farruggia 𝓜𝔞𝔰𝔥𝔞 sophieeeannnn sophie🌞🌊🧡🫧 sandstromboxer LINN SANDSTRÖM taleoflovee 𝙄𝙨𝙝💗 deinefreudinhanna Hanna hye_heroz Sedalicious👸🏻 Daddyinspo👑 morganhollymoore Morgan Holly Moore the.charmedgirl lucilla_fls2 Lucilla Flores k.szewczyk 𝕂𝕒𝕣𝕠𝕝𝕚𝕟𝕒 𝕄𝕒ł𝕘𝕠𝕣𝕫𝕒𝕥𝕒 𝕊𝕫𝕖𝕨𝕔𝕫𝕪𝕜 nicool0147 Nicol🖤 chloelurkss Chloe Lurks pxbunnyxo ployy.pyp leoniebrill_official Leonie Charlotte Brill barcahacecka Barbora Hačecká krisztina49713 Krisztina Horvath bayammi Bayammi flormanzanel ℱ𝓁ℴ𝓇 dajanaakalo Dajana Kalo cornfieldcutiee Jenny 💞 denisa_grigorik Denisa Grigorik | Realitní makléřka natalkatarhajova vanessaprincovaa Vanessa Princová yulia_fefilova Yulia_fefilova misel_vevodova Mišel canfeezam Nurgül Kotan its.britneyx Camila Belen hopeannd Hope Ann denisa.kalinova.75 Denča Kalinová fitt4pleasure Kaitlyn Jaynne ojdomino Dominika lu_see_fear 𝔏𝔞𝔡𝔦𝔰𝔩𝔞𝔳 𝔍𝔞𝔪𝔟𝔬𝔯 imhana.lol Hana Cantú jamelizsmth Jameliz Benitez Smith siennna.maee Sienna Mae jannybbvu Jannybb evieswaine_xo Evieswaine_xo sofia_vallet Sofia Vallet 🏥 shodorenok 𝐀𝐬𝐞𝐥 𝐒𝐡𝐨𝐝𝐨𝐫𝐨𝐯𝐚|Моя улыбка-мой стиль ✨ potvurka_23 Potvůrka Podivná 🖤 bvbzicke_1988 Christine Sonja Radermacher sara.stouracova Sára Štouračová micadlapa Mica Dlapa _v_janieee 𝓓𝔃𝓮𝓳𝓷𝓪 yuli.vlasenko Yulianna Vlasenko | SMM | content creator | Bratislava johanka_kucerova kučerová karolinaskowerska 🌸Karolina Skowerska🌸 nicoleta_moritz Moricova Nikoleta andreydoesnutrition Andrei Panevin vanessa190177 Vanessa Cicha vanessa.loewe Vanessa Loewe 🦋 britney.bakeer Camila Belen anna_brovarska 🌹 Anna Brovarska 🌹 lenka_badinkova Lenka Badinková realitacka.sophie Sofča babicovaverca Verča Babicová slimthick_vic Vic Marie mufazalova_ks Ксюня iluvvvvmarie Clarissa Marie kacisother Kacisother s.alexandra.367 𝕬𝖑𝖊𝖝𝖆𝖓𝖉𝖗𝖆 pde_edp D O R Y jodieanneuk10 Jodie Anne paolazambranoii Paola Zambrano II cutie_manbhar__30k m.marri.s 𝑴𝑨𝑹𝑰𝑰𝑨 doctor.optic Doctor Optic martuulatri Martina serenotwinzz Your Favourite Twins

Your Jekyll site feels secure because it's static, but you're actually vulnerable to DDoS attacks, content scraping, credential stuffing, and various web attacks. Static doesn't mean invincible. Attackers can overwhelm your GitHub Pages hosting, scrape your content, or exploit misconfigurations. The false sense of security is dangerous. You need layered protection combining Cloudflare's network-level security with Ruby-based security tools for your development workflow.

Adopting a Security Mindset for Static Sites

Static sites have unique security considerations. While there's no database or server-side code to hack, attackers focus on: (1) Denial of Service through traffic overload, (2) Content theft and scraping, (3) Credential stuffing on forms or APIs, (4) Exploiting third-party JavaScript vulnerabilities, and (5) Abusing GitHub Pages infrastructure. Your security strategy must address these vectors.

Cloudflare provides the first line of defense at the network edge, while Ruby security gems help secure your development pipeline and content. This layered approach—network security, content security, and development security—creates a comprehensive defense. Remember, security is not a one-time setup but an ongoing process of monitoring, updating, and adapting to new threats.

Security Layers for Jekyll Sites

Security Layer	Threats Addressed	Cloudflare Features	Ruby Gems
Network Security	DDoS, bot attacks, malicious traffic	DDoS Protection, Rate Limiting, Firewall	rack-attack, secure_headers
Content Security	XSS, code injection, data theft	WAF Rules, SSL/TLS, Content Scanning	brakeman, bundler-audit
Access Security	Unauthorized access, admin breaches	Access Rules, IP Restrictions, 2FA	devise, pundit (adapted)
Pipeline Security	Malicious commits, dependency attacks	API Security, Token Management	gemsurance, license_finder

Configuring Cloudflare's Security Suite for Jekyll

Cloudflare offers numerous security features. Configure these specifically for Jekyll:

1. SSL/TLS Configuration

# Configure via API
cf.zones.settings.ssl.edit(
  zone_id: zone.id,
  value: 'full'  # Full SSL encryption
)

# Enable always use HTTPS
cf.zones.settings.always_use_https.edit(
  zone_id: zone.id,
  value: 'on'
)

# Enable HSTS
cf.zones.settings.security_header.edit(
  zone_id: zone.id,
  value: {
    strict_transport_security: {
      enabled: true,
      max_age: 31536000,
      include_subdomains: true,
      preload: true
    }
  }
)

2. DDoS Protection

# Enable under attack mode via API
def enable_under_attack_mode(enable = true)
  cf.zones.settings.security_level.edit(
    zone_id: zone.id,
    value: enable ? 'under_attack' : 'high'
  )
end

# Configure rate limiting
cf.zones.rate_limits.create(
  zone_id: zone.id,
  threshold: 100,
  period: 60,
  action: {
    mode: 'ban',
    timeout: 3600
  },
  match: {
    request: {
      methods: ['_ALL_'],
      schemes: ['_ALL_'],
      url: '*.yourdomain.com/*'
    },
    response: {
      status: [200],
      origin_traffic: false
    }
  }
)

3. Bot Management

# Enable bot fight mode
cf.zones.settings.bot_fight_mode.edit(
  zone_id: zone.id,
  value: 'on'
)

# Configure bot management for specific paths
cf.zones.settings.bot_management.edit(
  zone_id: zone.id,
  value: {
    enable_js: true,
    fight_mode: true,
    whitelist: [
      'googlebot',
      'bingbot',
      'slurp'  # Yahoo
    ]
  }
)

Essential Ruby Security Gems for Jekyll

Secure your development and build process:

1. brakeman for Jekyll Templates

While designed for Rails, adapt Brakeman for Jekyll:

gem 'brakeman'

# Custom configuration for Jekyll
Brakeman.run(
  app_path: '.',
  output_files: ['security_report.html'],
  check_arguments: {
    # Check for unsafe Liquid usage
    check_liquid: true,
    # Check for inline JavaScript
    check_xss: true
  }
)

# Create Rake task
task :security_scan do
  require 'brakeman'
  
  tracker = Brakeman.run('.')
  puts tracker.report.to_s
  
  if tracker.warnings.any?
    puts "⚠️  Found #{tracker.warnings.count} security warnings"
    exit 1 if ENV['FAIL_ON_WARNINGS']
  end
end

2. bundler-audit

Check for vulnerable dependencies:

gem 'bundler-audit'

# Run in CI/CD pipeline
task :audit_dependencies do
  require 'bundler/audit/cli'
  
  puts "Auditing Gemfile dependencies..."
  Bundler::Audit::CLI.start(['check', '--update'])
  
  # Also check for insecure licenses
  Bundler::Audit::CLI.start(['check', '--license'])
end

# Pre-commit hook
task :pre_commit_security do
  Rake::Task['audit_dependencies'].invoke
  Rake::Task['security_scan'].invoke
  
  # Also run Ruby security scanner
  system('gem scan')
end

3. secure_headers for Jekyll

Generate proper security headers:

gem 'secure_headers'

# Configure for Jekyll output
SecureHeaders::Configuration.default do |config|
  config.csp = {
    default_src: %w['self'],
    script_src: %w['self' 'unsafe-inline' https://static.cloudflareinsights.com],
    style_src: %w['self' 'unsafe-inline'],
    img_src: %w['self' data: https:],
    font_src: %w['self' https:],
    connect_src: %w['self' https://cloudflareinsights.com],
    report_uri: %w[/csp-violation-report]
  }
  
  config.hsts = "max-age=#{20.years.to_i}; includeSubdomains; preload"
  config.x_frame_options = "DENY"
  config.x_content_type_options = "nosniff"
  config.x_xss_protection = "1; mode=block"
  config.referrer_policy = "strict-origin-when-cross-origin"
end

# Generate headers for Jekyll
def security_headers
  SecureHeaders.header_hash_for(:default).map do |name, value|
    ""
  end.join("\n")
end

4. rack-attack for Jekyll Server

Protect your local development server:

gem 'rack-attack'

# config.ru
require 'rack/attack'

Rack::Attack.blocklist('bad bots') do |req|
  # Block known bad user agents
  req.user_agent =~ /(Scanner|Bot|Spider|Crawler)/i
end

Rack::Attack.throttle('requests by ip', limit: 100, period: 60) do |req|
  req.ip
end

use Rack::Attack
run Jekyll::Commands::Serve

Web Application Firewall Configuration

Configure Cloudflare WAF specifically for Jekyll:

# lib/security/waf_manager.rb
class WAFManager
  RULES = {
    'jekyll_xss_protection' => {
      description: 'Block XSS attempts in Jekyll parameters',
      expression: '(http.request.uri.query contains " {
      description: 'Block requests to GitHub Pages admin paths',
      expression: 'starts_with(http.request.uri.path, "/_admin") or starts_with(http.request.uri.path, "/wp-") or starts_with(http.request.uri.path, "/administrator")',
      action: 'block'
    },
    'scraper_protection' => {
      description: 'Limit request rate from single IP',
      expression: 'http.request.uri.path contains "/blog/"',
      action: 'managed_challenge',
      ratelimit: {
        characteristics: ['ip.src'],
        period: 60,
        requests_per_period: 100,
        mitigation_timeout: 600
      }
    },
    'api_protection' => {
      description: 'Protect form submission endpoints',
      expression: 'http.request.uri.path eq "/contact" and http.request.method eq "POST"',
      action: 'js_challenge',
      ratelimit: {
        characteristics: ['ip.src'],
        period: 3600,
        requests_per_period: 10
      }
    }
  }
  
  def self.setup_rules
    RULES.each do |name, config|
      cf.waf.rules.create(
        zone_id: zone.id,
        description: config[:description],
        expression: config[:expression],
        action: config[:action],
        enabled: true
      )
    end
  end
  
  def self.update_rule_lists
    # Subscribe to managed rule lists
    cf.waf.rule_groups.create(
      zone_id: zone.id,
      package_id: 'owasp',
      rules: {
        'REQUEST-941-APPLICATION-ATTACK-XSS': 'block',
        'REQUEST-942-APPLICATION-ATTACK-SQLI': 'block',
        'REQUEST-913-SCANNER-DETECTION': 'block'
      }
    )
  end
end

# Initialize WAF rules
WAFManager.setup_rules

Implementing Advanced Access Control

Control who can access your site:

1. Country Blocking

def block_countries(country_codes)
  country_codes.each do |code|
    cf.firewall.rules.create(
      zone_id: zone.id,
      action: 'block',
      priority: 1,
      filter: {
        expression: "(ip.geoip.country eq \"#{code}\")"
      },
      description: "Block traffic from #{code}"
    )
  end
end

# Block common attack sources
block_countries(['CN', 'RU', 'KP', 'IR'])

2. IP Allowlisting for Admin Areas

def allowlist_ips(ips, paths = ['/_admin/*'])
  ips.each do |ip|
    cf.firewall.rules.create(
      zone_id: zone.id,
      action: 'allow',
      priority: 10,
      filter: {
        expression: "(ip.src eq #{ip}) and (#{paths.map { |p| "http.request.uri.path contains \"#{p}\"" }.join(' or ')})"
      },
      description: "Allow IP #{ip} to admin areas"
    )
  end
end

# Allow your office IPs
allowlist_ips(['203.0.113.1', '198.51.100.1'])

3. Challenge Visitors from High-Risk ASNs

def challenge_high_risk_asns
  high_risk_asns = ['AS12345', 'AS67890']  # Known bad networks
  
  cf.firewall.rules.create(
    zone_id: zone.id,
    action: 'managed_challenge',
    priority: 5,
    filter: {
      expression: "(ip.geoip.asnum in {#{high_risk_asns.join(' ')}})"
    },
    description: "Challenge visitors from high-risk networks"
  )
end

Security Monitoring and Incident Response

Monitor security events and respond automatically:

# lib/security/incident_response.rb
class IncidentResponse
  def self.monitor_security_events
    events = cf.audit_logs.search(
      zone_id: zone.id,
      since: '-300',  # Last 5 minutes
      action_types: ['firewall_rule', 'waf_rule', 'access_rule']
    )
    
    events.each do |event|
      case event['action']['type']
      when 'firewall_rule_blocked'
        handle_blocked_request(event)
      when 'waf_rule_triggered'
        handle_waf_trigger(event)
      when 'access_rule_challenged'
        handle_challenge(event)
      end
    end
  end
  
  def self.handle_blocked_request(event)
    ip = event['request']['client_ip']
    path = event['request']['url']
    
    # Log the block
    SecurityLogger.log_block(ip, path, event['rule']['description'])
    
    # If same IP blocked 5+ times in hour, add permanent block
    if block_count_last_hour(ip) >= 5
      cf.firewall.rules.create(
        zone_id: zone.id,
        action: 'block',
        filter: { expression: "ip.src eq #{ip}" },
        description: "Permanent block for repeat offenses"
      )
      
      send_alert("Permanently blocked IP #{ip} for repeat attacks", :critical)
    end
  end
  
  def self.handle_waf_trigger(event)
    rule_id = event['rule']['id']
    
    # Check if this is a new attack pattern
    if waf_trigger_count(rule_id, '1h') > 50
      # Increase rule sensitivity
      cf.waf.rules.update(
        zone_id: zone.id,
        rule_id: rule_id,
        sensitivity: 'high'
      )
      
      send_alert("Increased sensitivity for WAF rule #{rule_id}", :warning)
    end
  end
  
  def self.auto_mitigate_ddos
    # Check for DDoS patterns
    request_rate = cf.analytics.dashboard(
      zone_id: zone.id,
      since: '-60'
    )['result']['totals']['requests']['all']
    
    if request_rate > 10000  # 10k requests per minute
      enable_under_attack_mode(true)
      enable_rate_limiting(true)
      
      send_alert("DDoS detected, enabled under attack mode", :critical)
    end
  end
end

# Run every 5 minutes
IncidentResponse.monitor_security_events
IncidentResponse.auto_mitigate_ddos

Automating Security Compliance

Automate security checks and reporting:

# Rakefile security tasks
namespace :security do
  desc "Run full security audit"
  task :audit do
    puts "🔒 Running security audit..."
    
    # 1. Dependency audit
    puts "Checking dependencies..."
    system('bundle audit check --update')
    
    # 2. Content security scan
    puts "Scanning content..."
    system('ruby security/scanner.rb')
    
    # 3. Configuration audit
    puts "Auditing configurations..."
    audit_configurations
    
    # 4. Cloudflare security check
    puts "Checking Cloudflare settings..."
    audit_cloudflare_security
    
    # 5. Generate report
    generate_security_report
    
    puts "✅ Security audit complete"
  end
  
  desc "Update all security rules"
  task :update_rules do
    puts "Updating security rules..."
    
    # Update WAF rules
    WAFManager.update_rule_lists
    
    # Update firewall rules based on threat intelligence
    update_threat_intelligence_rules
    
    # Update managed rules
    cf.waf.managed_rules.sync(zone_id: zone.id)
    
    puts "✅ Security rules updated"
  end
  
  desc "Weekly security compliance report"
  task :weekly_report do
    report = SecurityReport.generate_weekly
    
    # Email report
    SecurityMailer.weekly_report(report).deliver
    
    # Upload to secure storage
    upload_to_secure_storage(report)
    
    puts "✅ Weekly security report generated"
  end
end

# Schedule with whenever
every :sunday, at: '3am' do
  rake 'security:weekly_report'
end

every :day, at: '2am' do
  rake 'security:update_rules'
end

Implement security in layers. Start with basic Cloudflare security features (SSL, WAF). Then add Ruby security scanning to your development workflow. Gradually implement more advanced controls like rate limiting and automated incident response. Within a month, you'll have enterprise-grade security protecting your static Jekyll site.

In This Article