The two most important things you need to secure your WordPress powered site are – a good backup solution and a firewall. Although I had previously shared an article on improving WordPress’ security, I am here presenting to you the best firewall you can provide for your site which is well worth its cost.
Whether your site is as popular as WPBeginner and ShoutMeLoud or just a normal blogging site where you publish articles regularly, security is a very important aspect of any website. This is because once your site grows popular, outperforms your competitors in business or is in the middle of a controversy, organizations will hire hackers (mostly script kiddies) to take it down.
You may have already protected your wp-admin directory with a password, disabled PHP execution, changed the default WordPress database prefix, etc. but still there are chances for your site to get exploited. That is exactly where Sucuri Security – the security and firewall plugin comes into the picture.
You might even be making use of a managed WordPress hosting provider with premium CDNs dreaming that your site is free from vulnerabilities and hackers. But hey, during attacks maybe your site won’t go down immediately but there are many chances for it to get kicked out from their servers. For example, an independent and well-known security researcher (Brian Krebs) was dropped by Akamai (CDN) for record DDoS attack on his site by a botnet and OVH ( his hosting provider) suffered 1100 Gbps DDoS.
It's looking likely that KrebsOnSecurity will be offline for a while. Akamai's kicking me off their network tonight.
— briankrebs (@briankrebs) September 22, 2016
Before going with Sucuri Security’s Web Application Firewall (WAF), you can play around with their free Security Scanner plugin. If you are satisfied with it, you can then go for their premium firewall service.
Table of Contents
Sucuri Website Security
Sucuri is a company specializing in fixing hacked sites and protecting them using their Web Application Firewall (WAF) for any platform, be it WordPress, Joomla, Magento, Drupal, phpBB or vBulletin at an affordable price. Their motto is to protect your website from hackers, malware, DDoS, and blacklists.
What happens when you enable Sucuri Security?
Once you enable Sucuri for your site, all the traffic coming to your site goes through their CloudProxy firewall before reaching your site’s hosting server. By doing so, any attacks on your site are effectively blocked and only the legitimate visitors can access your site.
There are three main advantages that come bundled when you enable Sucuri Web Application Firewall are –
- It makes your website more secure.
- Reduces the load on your website’s server because all malicious requests are filtered out.
- It is fully compatible with other firewalls such as Cloudflare and acts as an extra layer of defense.
You needn’t wait for long periods to feel the power of Sucuri’s WAF. Just install, activate and feel the difference – it is as simple as that. Sucuri provides you with an attack overview graph inside the Sucuri dashboard for you to easily understand the type of attacks your site is bombarded with and how many of them have been thwarted.
Here is a list of the most commonly blocked requests –
- Blacklisted IP addresses
- Access by bad bots
- Backdoor location
- DDoS attacks
- Access by fake bots
- Evasion attempts
- Spam requests
- Scanning tool
Most of the exploits are blocked by virtual patching on the fly.
The main problem nowadays is that many people including you think that you do not need a security service for your website. You are wrong. Often, it is the smaller sites that get hacked as it is easy to exploit because they do not take any security precautions.
More importantly, if you are running a business or eCommerce store, Sucuri WAF is a must-have plugin for your site.
Reasons to Love Sucuri Security
Since Sucuri is one of the leading security companies protecting various content management systems, they proactively research and report potential security issues to WordPress core team as well as third-party plugin developers. All patches to the plugin are applied directly to the WAF so that in case you haven’t updated the affected plugins yet, you will still be protected from that vulnerability.
Sucuri also comes with an antivirus package which constantly scans your site for malware, malicious JavaScript & iframes, suspicious redirects, spammy links, etc. It will also make sure your site is not blacklisted by popular services like Google, Norton, AVG, PhishTank, etc.
Everything is logged. Yes, it keeps track of every event that happens within your site – file changes, file permissions, new posts and users, last login records, failed login attempts, etc. They also offer malware cleanup services with no page limits along with blacklist removal from site security monitoring services.
Final Words
Sucuri is simply the best and affordable well-known security service among the WordPress community. For just $199 per year, it is the best investment you can make on your site. You will also be getting an SSL Certificate & PCI Compliance as an added bonus for your site. Also, if your site gets hacked you can have a peace of mind as their security experts will do the heavy lifting for you.
Sucuri may look simple on the front-end but they offer a wide variety of sophisticated security services for their customers. If your site is constantly targeted with powerful DDoS attacks, you can upgrade to their Business plan and avail Layers 3, 4 & 7 DDoS protection.
Sucuri Security engineers are pioneers in their industry and have been featured in online publications such as Mashable, ZDNet, PC World, Forbes and Ars Technica.
Thus I hope you found my Sucuri review useful. If you are seriously looking forward to improving your WordPress security, then you should check out Sucuri and give them a try (30 days money-back guarantee).