
A Study on the Design of an XML-based Wrapping Attack Defense Mechanism on Cloud Platforms

Design Issues of XML-based Wrapping Attacks Protection Scheme in Cloud Platform

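Abstract


Cloud computing technology, which is built on shared computing resources virtualized into multiple virtual machines, has developed rapidly and is now widely adopted. Governments and enterprises alike use cloud computing to raise the competitiveness of their information services. Cloud computing services are divided into three layers, IaaS, PaaS and SaaS, and the general public also benefits from what cloud computing offers. In the cloud era, cloud security and user privacy have become important issues. Because cloud users often request services from cloud service providers through a web browser, when a signed message request is sent from the service provider side to the service receiver side, an attacker can use wrapping attacks to tamper with the XML or SOAP messages in transit, evading legitimate verification and accessing the Web service without being detected. This paper examines wrapping attacks in the cloud computing environment and, by integrating and improving the Node Counting prevention mechanism, proposes a new wrapping attack defense mechanism called ENC-WRAP. ENC-WRAP continues the Node Counting method with improved decision conditions and is divided into three modules, interception, detection and logging, which analyze incoming XML or SOAP requests. Besides comparing the number of times child nodes appear, it also checks the elements on the path from the root node to the final node, strengthening the verification flow in the detection module. Simulation results show that, compared with Node Counting, ENC-WRAP improves the detection rate by 2%, 3.8%, 3.7% and 2.8%, and the accuracy rate by 8%, 7%, 10.5% and 9.5%, at 50, 100, 200 and 500 request packets respectively. Because elements on the path are taken into account, the average processing time increases by 1%, 1.3%, 0.2% and 0.6% respectively. In the future, ENC-WRAP can use Docker virtual machine technology to improve the utilization of computing resources and shorten the average processing time. Overall, the proposed ENC-WRAP method identifies wrapping attackers more accurately in the cloud computing environment, thereby lowering the security risk of cloud services and improving their quality of service.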

Parallel Abstract


Purpose - Cloud computing technology forms virtual machines through virtualization of shared computing resources. It has three service models: IaaS, PaaS and SaaS. In the cloud era, cloud security and user privacy have become essential issues for cloud platforms. Because cloud users often use Web browsers to request services from cloud service providers, when a signed message request is sent from the service provider to the service receiver, attackers can use wrapping attacks to tamper with the XML or SOAP messages transferred over the internet, evading legitimate verification and accessing Web services without being detected. This paper combines and improves the Node Counting mechanism to propose a new XML-based wrapping attack protection scheme for cloud platforms, called ENC-WRAP.

Design/methodology/approach - ENC-WRAP continues the Node Counting method with improved determining conditions and is divided into three modules: interception, detection and logging. It analyzes incoming XML or SOAP requests. It not only compares the number of times a child node appears, but also checks the elements on the path from the root node to the final node, in order to strengthen the verification procedure in the detection module.

Findings - The experimental results for the KPIs of the ENC-WRAP scheme indicate that, in a cloud computing environment, the detection rate can be increased by 2%, 3.8%, 3.7% and 2.8%; the accuracy rate can be increased by 8%, 7%, 10.5% and 9.5%; and the average processing time is increased by 1%, 1.3%, 0.2% and 0.6% for 50, 100, 200 and 500 packet requests, respectively. However, we will use Docker virtual machine techniques to shorten the average processing time.

Research limitation/implications - In the future, we will improve the utilization of computing resources and shorten the average processing time with Docker virtualization technology. We will also perform more simulations that consider the other KPI, APT (Average Processing Time), to obtain more efficient and effective results.

Practical implications - This paper designs a new XML-based wrapping attack protection scheme called ENC-WRAP to improve the verification process of the original Node Counting mechanism. The proposed ENC-WRAP can identify wrapping attackers more accurately, reducing security risk and improving quality of service on cloud computing platforms.

Originality/value - The XML or SOAP request sent by the sender is intercepted. Compared with Node Counting, the proposed ENC-WRAP scheme not only compares the frequency of child node appearances but also checks the elements on the path from the root node to the end node, so that illegal incoming requests are discovered and denied, strengthening the verification process.
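An added illustration of the two kinds of check the abstract describes, counting nodes and checking the path from the root to the signed node; it is not the paper's ENC-WRAP implementation. The policy that the signed element is the single Body under the Envelope, the `wsu:Id` lookup and the sample messages are assumptions constructed here, and cryptographic signature verification is out of scope.

```python
import xml.etree.ElementTree as ET

SOAP = "http://schemas.xmlsoap.org/soap/envelope/"
DS = "http://www.w3.org/2000/09/xmldsig#"
WSU = "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd"
# Assumed policy: the signed element must be the Body directly under the Envelope.
EXPECTED_PATH = [f"{{{SOAP}}}Envelope", f"{{{SOAP}}}Body"]

def paths_by_id(root):
    """Map each wsu:Id value to the root-to-node tag path of every element using it."""
    found = {}
    def walk(node, path):
        path = path + [node.tag]
        if node.get(f"{{{WSU}}}Id") is not None:
            found.setdefault(node.get(f"{{{WSU}}}Id"), []).append(path)
        for child in node:
            walk(child, path)
    walk(root, [])
    return found

def check_request(xml_text):
    """Return findings for one request; an empty list means both checks passed."""
    root = ET.fromstring(xml_text)
    findings = []
    body_count = len(root.findall(f"{{{SOAP}}}Body"))  # direct children only
    if body_count != 1:
        findings.append(f"expected 1 Body under root, found {body_count}")
    refs = list(root.iter(f"{{{DS}}}Reference"))
    if not refs:
        findings.append("no ds:Reference found")
    ids = paths_by_id(root)
    for ref in refs:
        target = ref.get("URI", "").lstrip("#")
        paths = ids.get(target, [])
        if len(paths) != 1:              # count check on the referenced Id
            findings.append(f"Id {target!r} appears {len(paths)} times")
        elif paths[0] != EXPECTED_PATH:  # path check, root to signed node
            findings.append(f"Id {target!r} is at an unexpected path")
    return findings

def envelope(header_extra, body_id):  # builds a constructed sample, not a capture
    return (f'<s:Envelope xmlns:s="{SOAP}" xmlns:ds="{DS}" xmlns:wsu="{WSU}">'
            f'<s:Header><ds:Signature><ds:SignedInfo><ds:Reference URI="#signed"/>'
            f'</ds:SignedInfo></ds:Signature>{header_extra}</s:Header>'
            f'<s:Body wsu:Id="{body_id}"><op>request</op></s:Body></s:Envelope>')

MOVED = '<Wrapper><s:Body wsu:Id="signed"><op>original</op></s:Body></Wrapper>'
LEGIT = envelope("", "signed")
WRAPPED = envelope(MOVED, "other")     # signed Body relocated under the Header
```

In the `WRAPPED` sample the top-level Body count is still 1, so only the path check on the referenced element reports the relocated node.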

Parallel Keywords

Cloud Computing; ENC-WRAP; Node Counting; Wrapping Attacks; SOAP
