Worried about hackers bringing down your site, or spreading malware to your visitors? Then you need a security plugin to keep your site safe. Sucuri is the leading name is software security, and their security plugin for WordPress is among the most popular. Find out if Sucuri is right for your website in our Sucuri review.
Why All WordPress Sites Should Have a Security Plugin
While WordPress is a secure CMS, security is relative — and it often depends on the action (or inaction) of users.
WordPress is one of the most popular CMSes, now running over 25% of all sites on the web. Unfortunately, that also makes it popular among hackers.
Every day, tens of thousands of websites are hacked. Their goal is to steal sensitive data, hijack your server or email to send spam or commit fraud, spread malware to your visitors, and other malicious activities.
Most WordPress users aren’t security experts, and aren’t aware of the best ways to keep their sites safe.
But using a security plugin like Sucuri can automate and guide you through the processes you should follow to fight back against hackers.
Why Sucuri Security?
Sucuri Inc is a reputable, globally-recognized company that offers website security software and services to business of all sizes around the world.
Their software products include website antivirus and firewall, and they also can help you to:
- remove malware from your hacked website
- remove you from blacklists
- help you access your hacked website if you get locked out
- put a stop to hacking or DDoS attacks
Keep Safe With the WordPress Sucuri Plugin
Sucuri also offers a WordPress security plugin that will help prevent your website from being hacked. It offers tools to continuously monitor and scan your site and plug any security leak and loopholes.
Some of its features include:
- Security Activity Auditing: Logs all security-related activity on your site, including logins, failed login attempts, etc.
- File Integrity Monitoring: Automatically detects any changes to your files.
- Remote Malware Scanning: Uses Sucuri’s scanner, SiteCheck, to search your site for malware.
- Blacklist Monitoring: Checks with blacklist engines to make sure your site isn’t being blocked for security issues.
- Effective Security Hardening: Security hardening removes vulnerabilities, such as removing your WordPress version display and protecting your uploads directory.
- Post-Hack Security Actions: A checklist of actions you should take in case your site is compromised.
- Security Notifications: Customize how and how often you’re notified of all the above activities.
How to Set Up Sucuri on Your Site
After installing and activating the Sucuri plugin, you’ll see a notification that you need to generate a free API key to fully activate all its features.
Click the Generate API Key button and follow the instructions in the popup.
That’s it! The plugin will be automatically configured for you.
You can now navigate to Sucuri Security » Settings to customize the options if you would like to. You’ll probably want to review the notification settings under the Settings » Alerts tabs.
To scan your site for malware, just go to Sucuri Security » Malware Scan and click the Scan Website button.
You can click across the tabs to view the details of your results.
If you click on Sucuri Security » Hardening, you will see a list of options for improving your website’s security. Many are enabled by default, but you can scroll through them to see if there are any others you’d like to enable.
Under Sucuri Security » Post-Hack is a walkthrough that guides you through the steps you should take if your website is hacked.
You can also review the latest user logins under Sucuri Security » Last Logins.
Tighten Security With Sucuri Website AntiVirus
The Pro version includes Sucuri’s Website Firewall, which is a reverse proxy that filters all your traffic through one of various Points of Presence (POPs) around the world.
By installing the firewall, you allow Sucuri to see all incoming traffic and proactively defend your website from DDoS, brute force, and other attacks.
You also get more in-depth reporting on the state of your site and security actions.
Documentation and Support
Sucuri maintains a huge knowledgebase on their website with all the information and tutorials you need to keep your site secure with their plugins. They also have a blog where they post security tips.
For the free version of the plugin, you can post in the WordPress.org support forums for help. The developers are active there and most threads are responded to and resolved quickly.
The Pro version of the plugin includes customer support from the developers via support ticket, and there’s even a Business plan that includes live chat support.
Sucuri vs. iThemes Security
If you’re looking for the most comprehensive security plugin for WordPress, Sucuri is what you need.
While iThemes Security and Sucuri both have many of the same features to secure your WordPress site, Sucuri goes beyond that with their DNS level firewall.
If your site suffers slow loading speeds due to DDoS attacks, brute force attacks, spam, and other attacks, then you really need to address security at the hosting server level.
You can read more details about this in the WPBeginner post How Sucuri Helped us Block 450,000 WordPress Attacks in 3 Months.
However, if you don’t have the budget for a premium security plugin, then you might prefer iThemes Security, which has a somewhat more beginner-friendly user interface. Check out our iThemes Security review for more details.
Another popular option for WordPress security is WordFence. We believe WordFence isn’t the best option, though. You can read why in our WordFence Security review.
Sucuri is a great option for keeping your WordPress website safe and secure from all kinds of attacks, especially if you have the budget for the pro version. No other security plugin offers a DNS level firewall.
We give Sucuri 4 out of 5 stars. Here is the breakdown of our review scores:
Ease of Use