Whenever we’re asked about WordPress security tips, our top 2 recommendations are get a good WordPress backup solution and start using Sucuri website firewall. In this article, we will share our honest review of Sucuri’s website firewall and why it’s worth every single penny!
Full Disclosure: No we did not get paid to write this Sucuri review. We’re just happy customers of Sucuri. They have a referral program available for all their customers, so if you decide to use Sucuri by clicking on our referral link in this article, then we will get a small commission. However we only recommend services that we personally use and believe will add value to our readers.
A Little Background
WPBeginner is one of the largest free WordPress resource sites on the planet. Because of that, we often have to deal with website attacks. This includes brute force attacks, feed attacks, DDoS, and a whole lot of spam.
That’s why we have always been extremely cautious. We have a real-time WordPress backup solution in place.
On top of that, we have password-protected our wp-admin directory, disabled PHP execution, changed the default WordPress database prefix, and basically followed every other security “hardening” trick.
While you can follow all the “prevention” best practices at the software “WordPress” level, the reality of the matter is that security has to be addressed at the hosting server level and more importantly the DNS level.
During the attacks, our website would slow down significantly due to the high server load. Sometimes it would even cause the server to restart causing downtime.
That’s when we started looking for a DNS level firewall solution.
We already had the Sucuri WordPress plugin installed on the site, so we decided to give their web application firewall (WAF) a try.
Some of you are probably confused by the tech-lingo and wondering what does Sucuri do and what is a WAF?
Overview of Sucuri
Sucuri is a website security company that specializes in WordPress security. They protect your website from hackers, malware, DDoS and blacklists.
When you enable Sucuri, all your site traffic goes through their cloudproxy firewall before coming to your hosting server. This allows them to block all the attacks and only send you legitimate visitors.
See the illustration below:
The biggest benefit of Sucuri is that it makes your website secure. On top of that, the firewall makes your website faster, and you save money on your hosting bill because your server load goes down significantly.
As soon as we enabled the Sucuri firewall, we started seeing the difference in performance. The attack overview inside the Sucuri dashboard was just eye opening.
WPBeginner’s Sucuri Firewall Results
Within the first three months, Sucuri helped us block over 450,000 WordPress attacks.
A break down of some of the common blocked requests:
- Exploit blocked by virtual patching (115,946 blocked attempts)
- Blacklisted IP address (72,495 blocked attempts)
- Bad bot access denied (45,299 blocked attempts)
- Backdoor location denied (29,690 blocked attempts)
- DDOS attempt blocked (29,676 blocked attempts)
- Fake bot access (24,571 blocked attempts)
- Evasion attempt denied (21,887 blocked attempts)
- Spam request blocked (14,313 blocked attempts)
- Scanning tool blocked (13,842 blocked attempts)
Now most of you are probably thinking that WPBeginner is a huge site that’s why we’re a bigger target.
Not entirely true. Often smaller sites are an easier target for hackers because they don’t take any security precautions. At this very moment, your website is probably getting attacks, and you just don’t know about it.
Sadly, when most people find out it’s a bit too late because they’re hacked. That’s why articles like how to find a backdoor in a hacked WordPress site and how to fix “this site ahead contains harmful programs” error are among the most popular on WPBeginner.
If you are running a business website, then Sucuri is a MUST HAVE solution because it offers complete end-to-end WordPress security.
5 Reasons Why We Love Sucuri
We are absolutely in love with Sucuri. Aside from using it on WPBeginner.
Below are the 5 reasons why we love Sucuri.
1. Blocks all the Attacks
Sucuri’s firewall blocks all the attacks before it even touches our server. Since they’re one of the leading security companies, Sucuri proactively research and report potential security issues to WordPress core team as well as third-party plugins.
Their team closely works with the respective developers in fixing the security issues. Once fixed, Sucuri patches those vulnerabilities at the firewall level in case you didn’t get a chance to update your plugin fast enough.
For example, the recent Elegant Themes vulnerability that was disclosed was already patched on Sucuri’s servers before you updated your plugins and themes. Meaning your site was ALWAYS secure.
2. Website Integrity Monitoring
The scanner also makes sure that our site is not blacklisted by any of the popular services like Google, Norton, AVG, Phishtank, Opera and others.
This helps you keep your reputation intact and keeps your users from seeing warnings like these:
3. Site Audit Log
Sucuri’s WordPress plugin keeps track of every thing that happens on your site.
This includes file changes, new posts, new users, last logins, failed login attempts, and more.
4. Server Side Scanning
When you’re dealing with smart hackers, you need to account for everything. Some hackers don’t care about infecting your users with malwares. Maybe they just want to add banner ads in your old post or replace your affiliate links.
These kind of hacks are very hard to catch because they’re not as obvious, and you won’t get blacklisted for these.
That’s when the server side scan comes in handy. Sucuri’s server side scanner goes through every single file (even non-WordPress files) to ensure that nothing suspicious exist on your server.
It also audit events like file changes and such to keep you informed.
Even though all the reasons above well justify the cost, they also offer malware cleanup service with no page limits along with blacklist removal. We haven’t had to use this part of the service yet, but can you imagine having security experts cleaning up your site.
On average security experts charge $250 / hour for consulting.
Since this can get quite expensive, Sucuri has an extra incentive to make sure that your website never gets hacked.
Our Final Thoughts – Sucuri Review
Day after day, we hear stories of people’s websites getting hacked. We can honestly say that Sucuri is hands down the best and most cost effective security service in the WordPress industry.
For $199 / year, it is the best insurance you can buy for your online business.
If government websites can be hacked, then so can yours – no matter what you do. However it’s much better to find out that your website is hacked from a monitoring service rather than finding out from your users or better yet from Google when they blacklist your website.
More importantly, it’s definitely worth the peace of mind knowing that if something were to happen, we have a team of security experts who’ll help us clean everything properly.
Sucuri is a leading security company and they’ve been mentioned in major publications like CNN, USAToday, TechCrunch, TheNextWeb, and tons more. We have personally met with their co-founder and CEO, Tony Perez, and can honestly say that they are a trustworthy company, and we’re in good hands.
All the times that we have interacted with Sucuri’s support team, they have been quick, polite, and helpful.
If we were to rate Sucuri’s service and support, we would give them a 5 out of 5.
We hope you found our Sucuri review helpful. If you’re thinking about improving your WordPress security, then definitely check out Sucuri and give them a try.
Full Disclosure: No we did not get paid to write this Sucuri review. We’re happy customers of Sucuri. They have a referral program available for all their customers, so if you decide to use Sucuri by clicking on our referral link in this article, then we will get a small commission. However we only recommend services that we personally use and believe will add value to our readers.