I migrated from WordPress to Ghost (Pro) last week. One of the reasons I did it was to have a hosted solution. I still have my Sucuri subscription (it was for my WordPress site). Is it necessary to keep a firewall/security solution in place with Ghost (Pro)? Recommended? A good idea? Thanks! Jen
Two items might help you out - from the official Ghost(Pro) features page.
Threat & uptime management
They have this to say about threat and uptime management. " When you’re under attack or the servers catch fire, if you self-host, then you’re the one who loses sleep. With Ghost(Pro), we lose sleep!"
Enterprise-grade security
Regarding security, they have this to say: " All Ghost(Pro) installs are integrated with Fastly, with 24/7 DDoS mitigation, a sophisticated Web Application Firewall, brute force protection and automatic rate limiting."
What this says to me
Although I am no expert, based upon the above information, and considering that both the treat and uptime management and the enterprise-grade security are available for all tiers of Ghost(Pro), I would say that you do not need any additional protection.
If you were self-hosting, you might have needed security and protection on your server, but the Ghost(Pro) feature page specifically says that they take care of both.
At least that is my take on it.
I hope I helped you
Mel XD
1 Like
Yes, it’s mine too. I think I just needed another set of eyes to help me let go of it. 
Thabks!