WMPH Vacations is a travel company specializing in cruise and resort vacations. Its network of 30 websites helps people prepare for and purchase vacations with a singular mission: to make its customers happy. After all, WMPH stands for “We Make People Happy.”

It does this by providing accurate information that is relevant to a customer’s cruise vacation, and through reservation systems that enable its agents and direct customers to find the best deals.

Travel partners include all major cruise lines: Carnival, Celebrity, Cunard, Disney, Holland America, MSC Cruises, Princess, Regent Seven Seas, and Royal Caribbean.

Its first-to-market mobile app, Cruise Finder by iCruise.com, is the most comprehensive cruise vacation-planning tool in the travel industry. The app offers 100 cruise brochures providing detailed information on more than 310 cruise ships and 25,000 cruise itineraries at the touch of a button.


Like many in the travel industry, WMPH websites are under constant assault by hackers, competitors, unauthorized aggregators, and other nefarious actors. Among the security threats it has had to deal with were near-constant SQL injection attempts, aggressive price scraping, unauthorized vulnerability scanning, and spam.

“Having so many sites makes us more vulnerable because our footprint is bigger,” says Antoine Zammit, Vice President of Technology at WMPH. “It’s very difficult to monitor bad bot activity 24/7.”

Form spam polluted backend systems

WMPH has “a system where we assign leads to agents. When we get one of those spammy forms, it pollutes all our backend systems. One of the managers has to comb through the forms and get rid of all the spammy ones.”

WMPH had put CAPTCHAs on all its forms and created filters, but such techniques weren’t effective and required constant maintenance.

Web scraping caused slowdowns

Scraping had a negative impact on site performance, slowing response times in addition to affecting customer service and transactions with partners.

WMPH was using AWS ELB to manually block IPs. “We were looking at logs, trying to find patterns, and blocking IP addresses,” Zammit says. “But it’s an impossible task because the bot operators change and mask IPs. It’s never-ending. The site was slow; we would spend a good 20 hours a month trying to manually fix the problem.”

Needed to block bad bots—but not users or good bots like Google

When looking for a solution, Zammit says “one of the most important things that we wanted to achieve was to block robots and not real people.”

Letting good bots through was also important. “We didn’t want a solution that might negatively impact our sites. SEO is really important for us. Were we going to block Google bots, and suddenly not have our sites rank well? We wanted to make sure that didn’t happen.”

The Results

WMPH deployed the Imperva Secure CDN for all its websites, and it didn’t take long to see results. The solution immediately helped the company realize that a business in the Netherlands was scraping its sites for prices millions of times a day.

“It was just crazy. Thanks to Imperva, we were able to identify it and contact that company’s CEO, who was very apologetic. Unbeknownst to him, the vendor he had hired to do API calls to cruise lines had taken a shortcut by scraping our sites instead,” Zammit says.

40% improvement in response times

Since deploying Imperva Bot Management, WMPH has not had any slowdowns, and site speed is up 40%.

Improved partner relationships

Imperva also helps WMPH protect its partners—a high priority for Zammit. “Some of our partners are smaller cruise lines, so they don’t have the infrastructure to handle a lot of traffic. Scrapers were causing excessive API calls to a smaller cruise line and we almost brought their system down. We didn’t feel it. But the cruise line did.”

No more SQL injection attempts hitting our sites

Not a single SQL injection attempt has appeared in WMPH logs since it began using Imperva Bot Management. “They’re being filtered out before they even hit our code,” Zammit says. “Having that protection is really powerful, especially with everything that is going on out there.”

Leads up 100% – No more spam – Only serving CAPTCHAs to bots

Addressing the spam issue is another benefit. With Imperva Bot Management, WMPH doesn’t have to keep adding filters to block spam. There are realized savings in time and development costs.

WMPH had previously been using CAPTCHAs on its forms. “Now we don’t need them—that is probably one of the biggest contributors to our 100% increase in leads versus the same period last year,” Zammit says.

By removing CAPTCHAs from its forms and serving them only to bots, WMPH increased its form conversion rates by 22%.

Visibility into click fraud

“We advertise on Cruise Critic, Google, and other sites. Using the Imperva Click Fraud Report, we’re able to identify numbers that don’t add up, then go back to vendors to get credits and refunds. It’s been a real eye-opener.”

Protecting the company Intranet

WMPH also uses Imperva to protect its Compass intranet, where agents can check sales, listen to phone messages, and view cruise line information.

Dedicated and vigilant support

Another huge benefit is Imperva support. “The support has been excellent—really excellent,” Zammit reports. “I can send a request at 3 am and someone answers me five minutes later.”

Peace of mind and able to sleep at night

Zammit says the Imperva Bot Management solution “surely gives me peace of mind. I know that I don’t have to worry about bad bots and their impact on our business. I’m able to sleep at night. That’s the biggest benefit of all.”