Launching Astra Website Protection 2.0 (earlier Astra Firewall)

Staying aligned with the #AstraPrinciple, If it’s not simple, it’s not done – we’ve built the product from the ground-up, to make it even simpler to protect your web apps.

The new dashboard and Website Protection plugin, will give you greater control over the security of your website than you’ve ever had – while being no-code, plugin-n-play & secure as always.

Here is EVERYTHING you need to know about this major (and long awaited) release ✨

PS: You can skip to the tl;dr section if you’re in a hurry, but do let us know what you think about this new version 😉

Astra Firewall is now Astra Website Protection

Some of our (delightful) customers thought that the name ‘Astra Firewall’ didn’t fully convey the value provided – and we agree!

Our plugin is much more than just a firewall. It comes with:

Web-application Firewall
Malware Scanner
Login Protection
File Upload Protection
IP/Country blocking
No-code Security Rules (more about this below 🎉 )

So to effectively communicate what our plugin does, presenting to you – Astra Website Protection.

One dashboard for both products – Pentest & Website Protection

As you may know – in addition to our Website Protection plugin, we also offer Pentests as a separate product which helps you discover and repair all the vulnerabilities in your web applications. We’ve combined the dashboard for both these products into one super-dashboard for all your security needs.

Simplified Pricing Plans

Since many of our Website Protection customers were using the Pentest product too – we have simplified the pricing structure and plan limits so that you can use both products without having to pay separately for each. You can see our updated pricing plans here.

Don’t worry – existing subscriptions (that are active) will not be affected by the new pricing structure and will keep receiving all the new (amazing) features we roll out for your plan. If you have any questions about these changes, feel free to reach out to our support team from within your dashboard.

We’ll be upgrading all accounts 🕶️

Over the next few weeks, we’ll be upgrading everyone’s account automatically. If you don’t want to wait and want to try out the new dashboard now itself here is what you have to do:

Create a new account at https://my.getastra.com/signup using the “Sign up with email” option (not Google account)
Make sure you enter the email address used to purchase the Astra subscription. If you are a team member, you will have to ask the owner to follow these steps.
You will receive an email to verify your account. Click on the verification link to activate your account, and automatically migrate your data to the new dashboard

For future use, bookmark the URL https://my.getastra.com/ to access your Website Protection & Pentest sites/targets with us.

Now you need to install the new Website Protection plugin to access all new features, after uninstalling the plugin already installed on your site. More details in the next few sections.

Reset your password, for enhanced account security

We’ve implemented a newer & stronger password hashing algorithm in the new dashboard. For any team members you may have added to the dashboard earlier – you’ll have to ask them to request a new password using the “Forgot Password” feature at https://my.getastra.com

A new password is required to be set, as it is not possible to import the old password into the new hashing algorithm. Since you have created a new account, you will not have to reset your password.

Install the latest plugin on your website to access new features

To unlock new features such as Booster Rules, upgraded Malware Scan reports etc – you will have to uninstall the old Astra plugin, and replace it with the new plugin which can be downloaded from the dashboard. All your threat data, customizations, preferences etc. are imported automatically.

Even if you don’t install the new plugin, the plugin already installed on your website will work as it is without any disruption. Attacks on your website will be stopped, and malware scans will run as scheduled. However, we recommend you to upgrade the plugin to use all the new features.

Steps to experience the new plugin:

Log-in to your dashboard at https://my.getastra.com/waf
Click on the icon next to your website’s name to navigate to the Settings page
Scroll down to the Re-install Astra section and click on the button
Select your CMS name from the dropdown & read the instructions given
Before you install the new plugin, remember that it is important that you uninstall the old plugin.
Now, download the new plugin from the Re-install Astra page & install it on your website as per the instructions
Enter the unique Activation Code into the Astra plugin installed on your website
Now in your Astra dashboard, click on the “Verify Installation” button to confirm that everything is set up correctly.

If you face any problems while reinstalling the plugin, or need assistance with the process just fill in your details by clicking the “Request plugin installation” button on the “Re-install Astra” page or contact us by emailing help@getastra.com

New Features & Improvements 🥁

Based on customer insights, industry standards, and some magic – we’ve finally built our dashboard and plugin from the ground up.

Fresh Design for a Seamless Experience

To keep the experience consistent & fresh within all our products – our design & front-end team has created a new design language which we’ve adopted across our website, dashboard, plugins, reports etc.

When you Sign in to our new dashboard, you might notice some of these changes:

Cleaner and consistent styling
Conversational language & rich help-texts
Help articles embedded for quick access
Smoother & quick navigation between pages
Easier searching, sorting & filtering
Better stability overall & helpful error messages

Better Stability & Visibly Faster

We’ve built the new dashboard using modern technology to make the whole experience smooth, stable & fast ⚡

Security on-the-go using your Mobile

Use your mobile to quickly see your website’s security status, malware scan results, block attackers and much more on-the-go. Our new dashboard is a Progressive Web App, which can be installed on your device easily.

Just open https://my.getastra.com on your mobile phone browser, and at the top right of the address bar, click Install .

Easier Subscription & Invoice Management

We’ve fully revamped our subscription management page so that you can now purchase new subscriptions, download invoices, modify your plan & manage your payment methods right within the Astra dashboard.

Better Overview of your Security Status

We’ve added more metrics to the security overview page to give you a bird’s-eye view of all the activity around your website’s protection.

From this watchtower you will get insights into:

Overall Website Protection status
Weekly & monthly attacks
Top Attackers
Top Attack Origins
Malware Scan Findings
Options to block Attackers in just 1-click
More details about each threat stopped on your website

All this information is packaged neatly on one page so that you can take quick decisions & stay on top of things.

Create “Booster Rules” using our no-code builder

While a website protection plugin can stop a wide range of attacks such as SQLi, XSS, RCE etc. on your website out of the box – you might also want to implement specific security measures such as restricting your admin portal to a few IP addresses.

With Booster rules – further strengthen your website’s security posture. You can either use a recipe crafted by experts, or just use our no-code builder to create your own security rules using 10+ variables.

We’ve added 4 security recipes with interactive wizards to get you started quickly. The possibilities are endless – and we’d be happy to help you create more complex rules 😎

Get more details about every Threat stopped

On the Threats page, you can now see an overview of the threats stopped with a breakdown on the type of attacks. For every attack stopped by the Web-application Firewall you can now see the IP address, country of origin, the attacked url, parameter, payload, device being used.

While our website protection plugin takes automatic blocking actions based on your security threshold, you can also block IP addresses, ranges and countries permanently from accessing your website.

Slice and dice data with better searching, sorting, filtering

Throughout the dashboard, we’ve made it easier for you to slice and dice data using the new search, filtering & sorting controls. You can do so by attacker IP address, Attacked Parameter, Attacked URL, country, thread ID etc.

Similarly, you can navigate the list of trusted and blocked IPs with ease by applying filters. These features will lead to more efficient threat management and decision-making.

Enable or disable individual Security Features

We’ve made it possible for you to enable/disable specific security features from withing your dashboard. You can now disable login protection, file upload scanning or the Web-Application Firewall as per your requirement. By default all features are enabled.

Updated Security Tolerance Levels to suit your needs

We understand that different verticals require different levels of protection. Sometimes the firewall may flag something normal for your website as an anomaly. This neat new feature will put an end to that.

You can choose from three security tolerance levels – low, medium, and high. This will represent the stringency with which the firewall flags anomalies or blocks potential threats.

You can also set the protection mode to either only monitoring or automatic blocking. If you select only monitoring, Astra will monitor all actions on the website without acting, the latter option triggers Astra to actively block all threats.

Customizable Security Seal

You can now customize the look, size, and position of Astra’s Security Seal to match your website’s design. (PS: There’s a dark mode, too 😉)

Improved Support Portal & Help articles

You can access our overhauled support portal at https://help.getastra.com/en/ where you’ll find articles for any questions you may have around both our products.

Few Limitations

At the time of writing this article, our Slack Integration is yet to be available in the new dashboard. Based on the feedback we’ve received from all of you, we will be re-imagining the integration and shall begin rollout next quarter.

Also, we will be discontinuing the Cookie Consent tool to focus solely on the core product. You can continue to use the Cookie Consent tool already integrated on your website, but we will not be releasing any new updates to it. You can try this open-source alternative.

tl;dr

We’ve built a new dashboard and plugin for our Website Protection product from the ground-up. The new login url is https://my.getastra.com
There’s only one dashboard for both our products – Website Protection & Pentest
We’ll be upgrading all customers over the coming weeks, but you can choose to upgrade immediately by following these instructions
To access new features you will need to uninstall the old plugin and install the new one on your website.
If you have any questions, feedback or need assistance with the upgrade – drop us a note on help@getastra.com

So it looks like we’ve killed the surprise by telling you about all the changes. We hope you love what we’ve done with the Astra Website Protection product, and look forward to hearing your experience.