Sucuri WordPress Security Plugin Review

In WordPress Security Tips by Nick Bennett

Safety first, right? Seriously. When it comes to your website, you do not want to log in one day only to find out it has been hacked. I’ve seen too many WordPress users find out the hard way that having a secure site is vitally important. Give this Sucuri review a read and see whether you want to join the thousands of WordPress users who trust them with the security of their site.

Here is what the awesome Sucuri Security plugin does:

  • Provides server side scanning
  • Has a nice 1-click Hardening feature
  • Provides Integrity Monitoring
  • Will actually log all audits and provide activity reporting

So, Why Do We Think You Should Have the Sucuri WordPress Security Plugin?

To begin with, the creators of Sucuri have been active in web security since 2004. The company was founded in 2010 and specializes in spyware and malware detection and removal. They provide their Security plugin to all of their clients for free.


Sucuri features:

  1. Security Activity Auditing
  2. File Integrity Monitoring
  3. Remote Malware Scanning
  4. Blacklist Monitoring
  5. Effective Security Hardening
  6. Post-Hack Security Actions
  7. Security Notifications
  8. Website Firewall (add on)

Sucuri centers around auditing, malware scanning and security hardening. Besides WordPress, Sucuri also supports Joomla, Drupal, Magento, .NET, Oscommerce, vBulletin and phpBB.

Based on these core services (auditing, malware scanning and security hardening), it came up with 8 security features:

1) Security Activity Monitoring – Now you’ll have the ability to find out who accessed your site as well as the time it was accessed, the IP address used and hostname. Sucuri puts all these logs into its cloud-based repository for safekeeping. This is important so that hackers cannot access your logs and attempt to delete the records of their intrusion. You’ve got their record, now you’ll get to block them permanently.

2) File Integrity Monitoring – To explain this feature, it’s important to understand your “known good” state. Your site’s “known good” state is the specific moment when you first installed Sucuri. A known good state consists of all your root directories, plugins and core files. During scanning, Sucuri compares your current state against the “known good”. It’ll search for anomalies and alert you accordingly. You may then restore your core content, remove the file(s) or mark the issue as “fixed”. Having integrity monitoring makes it easy to spot anomalies and get rid of them faster.

3) Remote Security Malware Scanning – SiteCheck, Sucuri’s free security scanner, makes this feature possible. SiteCheck determines whether your site has been infected with malware, defaced or blacklisted. But SiteCheck only scans what a browser can see (e.g. JavaScript files, iframes or links). This means a sneaky hacker might get around SiteCheck, head towards your server (e.g. phishing and spam injection) and wreak havoc to his heart’s desire.

But don’t worry, Sucuri has that issue covered with its server-side scanning (available to paying customers). It’ll scan your directories and identify infections such as phishing, malware, spam and others. You’ll also receive an audit trail report in the event that hackers breach your site.

4) Security Blacklist Monitoring – Getting infected is a huge blow to your brand’s reputation. Not only does it hurt your search engine rankings, it’ll also lead to your site getting blacklisted by services like Google, Norton, AVG, Phish Tank, ESET, McAfee, Yandex, SpamHaus and Bitdefender. Sucuri will make sure it doesn’t happen to you. But if it does, Sucuri will perform the necessary actions to get you off the list.

5) Security Hardening – If you’re not a system admin like me, you are clueless about hardening. But what is it anyway? Hardening is a laundry list of security and safety actions you need to do to protect your site.

Sucuri has gathered industry-wide hardening practices so you don’t have to come up with your own list. You can then activate each hardening with just a click of a button.

6) Post-Hack Security Actions – How do you recover from a disaster like an intrusion or infection? For sure, none of us are technical enough to do the cleanup on our own. Fortunately, Sucuri can do all the cleanup and more: malware removal and cleanup for unlimited pages, scan, blacklist scanning and monitoring, protection via firewall, DDoS protection and customer support.

7) Security Notification – You may receive alerts through email, Twitter, instant messaging, SMS and RSS. I feel this is a convenient feature because it allows you to get real-time status updates wherever you are. You don’t have to get inside your dashboard to check your site.

8) Sucuri CloudProxy Website Firewall – This add-on is available to paying clients. It allows for protection from DDoS, Brute Force and similar attacks. On top of that, you can give access to select IP addresses, configure security levels and track changes. Sucuri has used over a million remediation cases and website security attack blocks to come up with a fully-featured service for you. That means Sucuri can protect your site from present and upcoming threats of any form.

Sucuri has 4 pricing plans:

  • Basic ($199 a year)
  • PRO ($299 a year)
  • Business ($499 a year)
  • Custom ($500 a year)

You might be thinking that since your site has only 100 visitors a day, you wouldn’t need a plugin such as Sucuri.

You’re wrong.

Hackers target WordPress sites (and other sites for that matter) regardless of the size of the site. Don’t be fooled into thinking just because you have a smaller site that you are somehow invisible. At the end of the day, it is better to be safe than sorry. I hope this review of the Sucuri plugin was helpful.
