A year ago I wrote an article about what to do if your website has been hacked and recommended that you sign up for Sucuri. Sucuri will monitor your site on a scheduled basis, send you emails, tweets, text messages or instant messages when your site has been hacked or infected with malware, clean the site as many times as necessary in the course of the year you’ve paid for, and provide you with peace of mind. It is my most highly recommended service of all of the ones that I use.
Sucuri now has two WordPress plugins for subscribers and non-subscribers of their service. Both are useful and the one for subscribers has so many features that it’s yet another reason to start using Sucuri’s services.
Security Security Plugin (for Sucuri Subscribers)
The Sucuri Security plugin is available via the dashboard for Sucuri subscribers. It offers the following features:
- Firewall – The firewall is designed to protect the site from brute force attacks and unauthorized access. All bad IP addresses are logged and blocked. The firewall application communicates with Sucuri’s servers so once a bad IP is identified it is added and all users are protected from that IP address. In the plugin settings you will be able to see a list of all blocked IP’s and whitelist any that shouldn’t be blocked.
- Monitoring – This compares your installation to a clean version of WordPress and provides a report of all changed files and issues, such as needing to upgrade WordPress. In the future Sucuri plans to add theme, plugin, and 3rd party security checks within the monitoring.
- Reports – The reports show a list of all activity, such as blocked IP’s, login attempts and changed files. The report can be filtered via type of event and time period.
- Activity Logs – The activity log shows every action that has occurred on your site – logins, login attempts, changed files, new posts, etc. All activity can be monitored to ensure there is no unauthorized activity and to protect the integrity of the site.
- 1-Click Hardening – I really like this feature and it works great. It scans through your WordPress installation, locates potential security issues and allows you correct them with one click or provides quick and easy instructions for making the change. It allows you to hide the WordPress version, secure the configuration file, generate secret keys, protect the upload directory and much more. As with any 1-click WordPress feature, I recommend backing up your site before using it but I have not had a single problem with this feature.
- Link to Sucuri’s Malware Scanner – The plugin also contains an link to Sucuri’s online malware scanner, which is an invaluable tool.
Free Plugin – Sucuri Sitecheck Malware Scanner
This plugin is available for everyone and contains the link to the malware scanner right from the WordPress dashboard. This provides a quick and easy way to do a security scan of your site. You can, however, go directly to the Sucuri site to do the same thing so I don’t think this plugin is nearly as useful as the plugin for Sucuri subscribers.
Are you a Sucuri subscriber? Do you ever use their free scanning too? What do you do to maintain the security of your website?
I am a Sucuri affiliate. It is, by far, the best service I use for my sites.
photo credit: r_gnuce