When it comes to WordPress security tips, our top 2 recommendations are to get a good WordPress backup solution and to start using the Sucuri website firewall. In this article, we will discuss Sucuri’s website firewall and why it’s different from others. We will speak on behalf of WPBeginner.
Full Disclosure: we did not get the recommendation to write this Sucuri review. We’re just satisfied customers of Sucuri. They have a referral program available for all their customers, so if you decide to use Sucuri by clicking on our referral link in this article, then we will get a small commission. However, we only recommend services that we personally use and believe will add value to our readers.
A Little Background
WPBeginner is the largest free WordPress resource site on the planet. Because of that, we often have to deal with website attacks. This includes brute force attacks, feed attacks, DDoS, and a whole lot of spam.
That’s why we have always been extremely cautious. We have a real-time WordPress backup solution in place.
On top of that, we have password-protected our wp-admin directory, disabled PHP execution, changed the default WordPress database prefix, and basically followed every other security “hardening” trick.
While you can follow all the “prevention” best practices at the software “WordPress” level, the reality of the matter is that security has to be addressed at the hosting server level and more importantly the DNS level.
During attacks, our website would slow down significantly due to high server load. Sometimes it would even cause the server to restart, causing downtime.
That’s when we started looking for a DNS level firewall solution.
We already had the Sucuri WordPress plugin installed on the site, so we decided to give their web application firewall (WAF) a try.
You are probably confused by the tech lingo and wondering what Sucuri does and what a WAF is.
Overview of Sucuri
Sucuri is a website security company that specializes in WordPress security. They protect your website from hackers, malware, DDoS and blacklists.
If you enable Sucuri, all your site traffic goes through their cloud proxy firewall before coming to your hosting server. This allows them to block all the attacks and only send you legitimate visitors.
See the illustration below:
The benefit of Sucuri is that it makes your website secure. On top of that, the firewall makes your website faster, and you save money on your hosting bill because your server load goes down significantly.
As soon as we enabled the Sucuri firewall, we started noticing the difference in performance between Sucuri and others. The attack overview inside the Sucuri dashboard was just eye-opening.
WPBeginner’s Sucuri Firewall Results
Within the first three months, Sucuri helped us block over 450,000 WordPress attacks.
A breakdown of some of the common blocked requests is given below:
- Exploit blocked by virtual patching (115,946 blocked attempts)
- Blacklisted IP address (72,495 blocked attempts)
- Bad bot access denied (45,299 blocked attempts)
- Backdoor location denied (29,690 blocked attempts)
- DDOS attempt blocked (29,676 blocked attempts)
- Fake bot access (24,571 blocked attempts)
- Evasion attempt denied (21,887 blocked attempts)
- Spam request blocked (14,313 blocked attempts)
- Scanning tool blocked (13,842 blocked attempts)
Now, most of you are probably thinking that WPBeginner is a huge site, and that’s why we’re a bigger target.
That is not entirely true. Most smaller sites are easier targets for hackers because they don’t take any security precautions. At this moment, your website is probably getting attacked, and you just don’t know about it.
Sadly, by the time most people find out, it’s a bit too late because they have already been hacked. That’s why articles like how to find a backdoor in a hacked WordPress site and how to fix the “this site ahead contains harmful programs” error are among the most popular on WPBeginner.
If you are running a business website, then Sucuri is a MUST HAVE solution because it offers complete end-to-end WordPress security.
5 Reasons Why We Love Sucuri
We are in love with Sucuri. Aside from using it on WPBeginner, we’re also using it on our other sites like List25 and syedBalkhi.com.
Below are the 5 reasons why we love Sucuri.
1. Blocks all the Attacks
Sucuri’s firewall blocks all the attacks before they even touch our server. Since they’re one of the leading security companies, Sucuri proactively researches and reports potential security issues to the WordPress core team as well as third-party plugins.
Their team works very closely with the respective developers to fix the security issues. After the fix, Sucuri patches those vulnerabilities at the firewall level in case you didn’t get a chance to update your plugin fast enough.
For example, the recent Elegant Themes vulnerability that was disclosed was already patched on Sucuri’s servers before you updated your plugins and themes. Meaning your site was ALWAYS secure.
2. Website Integrity Monitoring
The scanner also makes sure that our site is not blacklisted by any of the popular services like Google, Norton, AVG, Phishtank, Opera, and others.
This helps you keep your reputation intact and keeps your users from seeing warnings like these:
3. Site Audit Log
Sucuri’s WordPress plugin keeps track of everything that happens on your site.
This includes file changes, new posts, new users, last logins, failed login attempts, and more.
4. Server Side Scanning
When you’re dealing with smart hackers, you need to account for everything. Most hackers don’t care about infecting your users with malware. Maybe they just want to add banner ads in your old posts or replace your affiliate links.
These kinds of hacks are very hard to catch because they’re not as obvious, and you won’t get blacklisted for them.
That’s when the server-side scan comes in handy. Sucuri’s server-side scanner goes through every single file (even non-WordPress files) to ensure that nothing suspicious exists on your server.
It also audits events like file changes to keep you informed.
5. Malware Cleanup Service
All the reasons above well justify the cost, and they also offer a malware cleanup service with no page limits, along with blacklist removal. We haven’t had to use this part of the service yet, but can you imagine having security experts cleaning up your site?
On average, security experts charge $250 / hour for consulting.
Since this can get quite expensive, Sucuri has an extra incentive to make sure that your website never gets hacked.
Our Final Thoughts – Sucuri Review
Day after day, we hear stories about people’s websites getting hacked. We can honestly say that Sucuri is hands down the best and most cost-effective security service in the WordPress industry.
It is the best insurance you can buy for your online business for $199 / year.
If government websites can be hacked, then so can yours – no matter what you do. However, it’s much better to find out that your website is hacked from a monitoring service rather than finding out from your users or better yet from Google when they blacklist your website.
More importantly, it’s definitely worth the peace of mind knowing that if something were to happen, we have a team of security experts who’ll help us clean everything properly.
Sucuri is a leading security company and they’ve been mentioned in major publications like CNN, USAToday, TechCrunch, TheNextWeb, and tons more. We have personally met with their co-founder and CEO, Tony Perez, and can honestly say that they are a trustworthy company, and we’re in good hands.
All the times that we have interacted with Sucuri’s support team, they have been quick, polite, and helpful.
If we were to rate Sucuri’s service and support, we would give them a 5 out of 5.
We hope you found our Sucuri review helpful.