
Worried about hackers bringing down your site or spreading malware to your visitors? Then, you need a security plugin to keep your site safe.
At IsItWP, we help our clients design and manage their WordPress websites. But, the reality is that site security needs a lot of experience to be executed effectively.
Websites are constantly targeted by malicious attacks such as malware injections, brute force attacks, and SQL injections. On top of that, we noticed that outdated themes, plugins, and software also left many of our client websites open to attacks.
But the most common issue we faced was unauthorized access, especially when editor and admin accounts were compromised.
Because of how broad WordPress malware attacks are, we wanted an all-inclusive solution. We wanted a security software that could carry our malware scanning, vulnerability assessment, DDoS mitigation, and blacklist monitoring, ensuring all-around protection.
For these reasons, we identified Sucuri as a great option for malware protection.
It is easy to use, allowing for real-time monitoring. The best part is that Sucuri quickly alerts you when it identifies a malware attack so that you can deal with it.
As a result, we have used Sucuri in many of our client projects and our websites. We have tested and used all aspects of this security plugin, giving us a lot of experience with it.
Today, we want to share everything we know through this Sucuri review. We will look at its features, pros and cons, and also how you can use it to improve your WordPress site security.
Why All WordPress Sites Should Have a Security Plugin
While WordPress is a secure CMS, security is relative — and it often depends on the actions (or inaction) of users.
WordPress is one of the most popular CMSes, now running over 43% of all sites on the web. Unfortunately, that also makes it popular among hackers.
Every day, tens of thousands of websites are hacked. Their goal is to steal sensitive data, hijack your server or email to send spam or commit fraud, spread malware to your visitors, and other malicious activities.
Most WordPress users aren’t security experts and aren’t aware of the best ways to keep their sites safe. But, a good start would be to use this WordPress website security scanner from IsItWP. This tool will help you check if your WordPress site has any errors or malware attacks.
For more information, check out this beginner-friendly article on The Complete WordPress Security Guide.
But, using a security plugin like Sucuri can automate and guide you through the processes you should follow to fight back against hackers.
About Sucuri
Sucuri Inc is the top website security company in the world. It’s famous as a security suite that provides security software and services for your website.
Sucuri offers a powerful WordPress plugin that you can install to protect your website from malware and hacks. It creates multiple layers to safeguard your website from security threats. Sucuri has a Cloudproxy firewall that bypasses all your traffic before sending it to the hosting server. It blocks any malware attack or hacker’s attempt to put your website at risk, and you’ll get only real visitors.
It also makes your website faster in speed and performance. Sucuri is a great addition to your must-have WordPress plugins list.
Why Sucuri Security?
Sucuri Inc is a reputable, globally recognized company that offers website security software and services to businesses of all sizes around the world.
Their software products include website antivirus and firewall, and they can also help you to:
- Remove malware from your hacked website
- Remove you from blacklists
- Help you access your hacked website if you get locked out
- Put a stop to hacking or DDoS attacks
Keep Safe with the WordPress Sucuri Plugin
Sucuri also offers a WordPress security plugin that will help prevent your website from being hacked. It offers tools to continuously monitor and scan your site and plug any security leakts and loopholes.
Some of its features include:
- Security Activity Auditing: Logs all security-related activity on your site, including logins, failed login attempts, etc.
- File Integrity Monitoring: Automatically detects any changes to your files.
- Remote Malware Scanning: Uses Sucuri’s scanner, SiteCheck, to search your site for malware.
- Blacklist Monitoring: It checks with blacklist engines to make sure your site isn’t being blocked for security issues.
- Effective Security Hardening: Security hardening removes vulnerabilities, such as removing your WordPress version display and protecting your uploads directory.
- Post-Hack Security Actions: A checklist of actions you should take in case your site is compromised.
- Security Notifications: Customize how and how often you’re notified of all the above activities.
How to Set Up Sucuri on Your Site
After installing and activating the Sucuri plugin, you’ll see a notification that you need to generate a free API key to fully activate all its features.

Click the Generate API Key button and follow the instructions in the popup.
That’s it! The plugin will be automatically configured for you.
You can now navigate to Sucuri Security » Settings to customize the options if you would like to. You’ll probably want to review the notification settings under the Settings » Alerts tabs.
To scan your site for malware, just go to Sucuri Security » Malware Scan and click the Scan Website button.

You can click across the tabs to view the details of your results.

If you click on Sucuri Security » Hardening, you’ll see a list of options for improving your website’s security. Many are enabled by default, but you can scroll through them to see if there are any others you’d like to enable.

Under Sucuri Security » Post-Hack is a walkthrough that guides you through the steps you should take if your website is hacked.
You can also review the latest user logins under Sucuri Security » Last Logins.
Tighten Security with Sucuri Website AntiVirus
The Pro version includes Sucuri’s Website Firewall, which is a reverse proxy that filters all your traffic through one of various Points of Presence (POPs) around the world.
By installing the firewall, you’ll allow Sucuri to see all incoming traffic and proactively defend your website from DDoS, brute force, and other attacks.
You’ll also get more in-depth reporting on the state of your site and security actions.
Documentation and Support
Sucuri maintains a huge knowledgebase on their website with all the information and tutorials you’ll need to keep your site secure with their plugins. They also have a blog where they post security tips.
For the free version of the plugin, you can post in the WordPress.org support forums for help. The developers are active there, and most threads are responded to and resolved quickly.
The Pro version of the plugin includes customer support from the developers via support tickets, and there’s even a Business plan that includes live chat support.
Sucuri vs. iThemes Security (Now Solid Security)
If you’re looking for the most comprehensive security plugin for WordPress, Sucuri is what you need.
While iThemes Security (Solid Security) and Sucuri both have many of the same features to secure your WordPress site, Sucuri goes beyond iThemes Security with their DNS level firewall.
If your site suffers slow loading speeds due to DDoS attacks, brute force attacks, spam, or other attacks, then you really need to address security at the hosting server level.
You can read more details about this in WPBeginner’s post “How Sucuri Helped us Block 450,000 WordPress Attacks in 3 Months”.
However, if you don’t have the budget for a premium security plugin, then you might prefer iThemes Security, which has a somewhat more beginner-friendly user interface. Check out our Solid Security review for more details.
Another popular option for WordPress security is WordFence. We believe WordFence isn’t the best option, though. You can read why in our WordFence Security review.
You should also read out the ultimate WordPress security guide for more details.
Should You Purchase Sucuri to Protect Your WordPress Website?
We discussed the features, functionality, and flexibility that Sucuri offers to its users. Sucuri’s security suite provides the best security to safeguard your website from malware and hacks.
Let’s take a look at the 3 key factors that’ll make you purchase Sucuri right away.
1. The Most Comprehensive Security Solution
Sucuri is known for being the most comprehensive and powerful security solution to protect your website from threats. Not only does it protect you, it takes precautionary measures to prevent your website from succumbing to harm and blocks all attacks at the server level before you even know about them.
One of the common examples was the Elegant Themes vulnerability issue. Sucuri protected hundreds of thousands of websites by patching their servers long before users updated their themes and plugins.
Sucuri has a tracking functionality that keeps logs for every activity. That means you can always find out what’s happening with your website and easily fix issues. And should also conduct timely website security audits to keep your site safe from in vulnerabilities.
2. WordPress Security
Sucuri hardens WordPress security with their 1-click hardening feature. You can also use the WordPress Audit plugin to check on your website’s activities.
Sucuri provides server-level scanning and protects your WordPress website servers from attacks. On top of that, they monitor new and potential security threats. They inform these security issues to WordPress’ core team and work side-by-side to patch the servers. Sucuri’s team is also connected with third-party themes and plugins to update them about the attacks and hacks.
They patch the vulnerabilities at the firewall level and keep your website protected from all security concerns.
3. Impeccable Support
Sucuri has 24/7 customer support which means you’ll always find their team available. They also offer an instant chat feature to their premium users. Sucuri engineers are always up-to-date with new developments and keep their customers informed about security threats.
You can easily rely on their support team to help you protect your website against attacks.
Now that we discussed the reasons to purchase Sucuri, let’s take a look on their pricing plans.
Pricing for Sucuri
Sucuri offers 3 pricing plans for personal to business websites. All these plans have different pricing and features. The 3 plans are divided into Basic, Pro, and Business categories.

Their Basic plan is affordable and it scans your website every 12 hours for the security check. It comes with a Let’s Encrypt SSL certificate and costs $199.99 per year.
The Pro plan has fewer intervals for scanning your website. It scans every 6 hours to protect your WordPress website from security threats. Other than that, it comes with a custom SSL certificate and costs $299.99 per year.
Sucuri’s most advanced and powerful plan is their Business plan. It has the fastest response on security threats and attacks. If you purchase this plan, it comes with instant chat support with Sucuri team, blacklist notifications, and much more. This plan costs $499.99 per year.
However, all plans include unlimited malware cleanup, website firewall (WAF), attack prevention capability, blacklist removal, advanced DDoS protection, and protection from hacks.
Sucuri also offers Firewall plans that start at $9.99 per month. This is perfect for bloggers and small site owners requiring occasional cleanups with ongoing security scans.

These plans do not come with malware removal services.
Our Verdict
Sucuri is a great option for keeping your WordPress website safe and secure from all kinds of attacks, especially if you have the budget for the pro version. No other security plugin offers a DNS-level firewall.
We give Sucuri 4.6 out of 5 stars. Here’s the breakdown of our review scores:




 4.6 / 5.0
   4.6 / 5.0



 5.0 / 5.0
   5.0 / 5.0



 5.0 / 5.0
   5.0 / 5.0



 3.0 / 5.0
   3.0 / 5.0



 4.0 / 5.0
   4.0 / 5.0



 4.0 / 5.0
   4.0 / 5.0
 
        
For some reason, they are still monitoring defunct website which no longer exists, still getting reports although cancelled
BE AWARE… STAY OUT…. IT IS A FRAUD…. IT IS A SCAM…
I had a very bad experience with SUCURI, I subscribed with a business subscription for $500, and they put my website offline for 2 days, a lot of problems, they don’t care about the website at all, support team without support skills, they badly modified dozens of server configuration files, and they destroyed everything claiming that they cleaned up malware, besides all of this, they don’t have a support chat, the response to the ticket after many hours with no solutions, I believe they’re teaching themselves using clients as learning materials.
After all, I ended up working on fixing the files, hiring professionals to fix what SUCURI corrupted, and migrating to another server since they had the access and they kept logging in and changing files…
It was a complete disaster.
Less than a week with this experience, they refused to refund after all.
Hey Yazan, I’m sorry for the experience you had. It must be stressful for you.
Though we use Sucuri on our websites, and it helps us improve our sites’ security, the best recommendation is to control what access you’re giving to them or any other security plugin.
My experience was the opposite. I recently bought Sucuri Deluxe on Godaddy. I needed tech support (AFTER I had paid) to get some aspects of their firewall working. I opened a ticket and the response was almost immediate. And they talked back and forth with me until I was fully satisfied that it was resolved. I’ve been quite satisfied with Godaddy for the 16 years I’ve been using them.
To all who commented…Thank you. If anyone has heard differently please reply
It was quite irritating when Sucuri blocked a safe website that I have been using for months! The website was also working yesterday.
I used & paid for sucuri services for years… and when I canceled my plan and then tried to use a backup that I had previously paid for and downloaded, I found that it’s encrypted & I can’t even use it. I contacted them hoping they would actually do the right thing & provide me with an unencrypted version since I actually paid for the backup. I was told my Brett the chat rep that he was going to be crystal clear so I would stop contacting them for anything… until I reactivate my account & pay for their services again, they were not going to do anything for me. He said “we are not offering charity services to you”. Thank you sucuri for showing me your true colors, company values & culture. Cheers.
Sucuri are the devil. Avoid them.
Sucuri are total garbage pricing model is made to nickel and dime. Support never hets you in 24 hours or less. And I have yet to get my refind from the time I cancelled week 2 in the trail period. Thieves and liars.
Sucuri has bad customer service with zero tolerance. I used their professional service for a year without much issue but few days after I renewed for another year, their script complicated my website.
They finally abruptly removed my website and closed my account with them without proper communication.
Same here. Sucuri is awful. Go with MalCare. They’re cheaper, and if their software fails to handle something, they take care of it. Plus they allow license switching up to once every 3 months.
I agree, I paid top dollars for their service but I’ve been hacked again and pretty badly despite following their advices. No 24/7 support either. Look elsewhere, forget about Sucuri. I wish I knew better.
Sucuri is absolute rubbish. Avoid at all costs. Expect astonishingly terrible customer service, or lack thereof. Put in a ticket because there are no live humans to help you. Owned by GoDaddy now so that about explains it. Once you submit a ticket, expect to wait an eternity for a reply. Then when you reply to their reply, expect to wait another eternity. Their Web application firewall also. Blocked my Adsense so wound up costing me about 60 dollars so far in lost advertising revenue. My contempt for this company knows no boundaries. Steer clear. You’ll regret it if you don’t.