WordPress Security has become increasingly critical with malware hackers trying to invade WordPress websites. It’s not just big-company websites anymore. Thousands of small sites are being hit every day.
Why is Website Security So Critical?
I was first introduced to how common websites are attacked when working for a large corporation that offered real-time stock quotes. We were hacked once that brought down our site for almost the entire day. But, I had no idea how many smaller sites are attacked each day until I had my own WordPress sites. I was attacked by malware and it infected all 18 of my websites! Their interest? They installed adware so that visitors would be redirected to their ads so they could generate revenue. Now that it’s fixed I still get attempted attacks every day!
The common misconception about website security is that only high-traffic, popular websites are targeted. Not true! The big companies that I’ve worked at have millions of dollars to throw at security hardware and software to avoid these attacks. So, hackers would much rather exploit several more vulnerable sites – such as WordPress blogs.
If you can imagine there are close to 70 million websites running on WordPress alone. How many of those website owners have taken those extra precautions of hardening their WordPress sites? Many of them would have even left their administration username set to the default ‘admin’. And this is just for WordPress alone. And, there are other platforms than WordPress. Thousands or millions of other types of sites that may be even more vulnerable.
Usually WordPress site owners take measures into their own hands, with a security plugin or two. Others may have been hacked before and it was so devastating they’re paying a consultant or security company huge amounts to prevent it in the future. I’ve had to make those decisions myself. It only takes one vulnerability, such as an out of date plugin, to trip you up.
Most CMS’s out there like WordPress have semi-reliable plugins that can improve the security of your website. But, you need to rely on your own technical skills to review them and keep them up to date or they may create vulnerabilities themselves. There are excellent WordPress plugins out there that are free, but only offer limited capabilities unless you opt for the paid versions.
Another limitation of WordPress security plugins (especially the free ones) is that you would need to download several plugins in order to cover all the security vulnerabilities. Unfortunately, this is not a case where more is better. Some plugins are likely to conflict. Also, the more plugins you have, the slower your website would be and (ironically) the more vulnerable too.
Why should I choose Sucuri as my WordPress Security Solution?
There are a million reasons why I would recommend Sucuri. The company offers a website monitoring, malware removal and all the related website security services that you would need. In short, these guys are the superheroes who monitor the web and will save the day of any website owner. Here are my top 8 reasons why I think Sucuri are awesome:
1. Several Website Platforms Supported
Sucuri’s products and services are not just for WordPress. They support websites running on Joomla, Drupal, PHP, .NET and standard HTML. From my experience and feedback I’ve read they specialize in WordPress, probably due to popularity. However, Joomla and Drupal are handled with no issues. Standard HTML sites are supported based on your code.
2. Website Security Monitoring
The Sucuri sitecheck scanner automatically scans your website to ensure it is clean of malware, suspicious redirects, iframes, link injections etc. You can manually set the frequency with which the scanner runs its tests for malware and blacklisting, content changes in the core files, WHOIS changes and DNS changes. In addition to this, the security scanner also ensures that your website is not blacklisted by Google, Norton, PhishTank, Opera, SiteAdvisor, Yandex, and, of course their own Sucuri blacklist.
3. Server-Side Scanning
The Sucuri dashboard also offers a view that will enable you to monitor the activities that are going on in your web server. The system scans your web server so as to ensure that there are no suspicious files or activities going on. In addition to this, it also shows andy file changes so that you are fully aware about what is going on in the back-end of your website.
4. WordPress Security Plugin
For WordPress website owners, Sucuri offer a free plugin that you can install just like a normal WordPress plugin. This will audit all your website activities such as file changes, new post additions, user logging (and failed login attempts), file uploads etc. The plugin also ensures that your core WordPress files are intact – something which is indispensable, given that some hackers try to hide malware inside files that at first glance look legitimate. And if that is not enough, the plugin also has a 1-click hardening feature which will enable you to harden your WordPress installation with a simple click of a button!
5. Security Alerts
If the Sucuri website monitoring system detects something on your website, you are immediately notified. Sucuri offer a number of methods which you can configure with ease – email, Twitter, SMS, IMs and RSS. I get mine through email. Most alerts are not critical but it’s good to be safe than sorry.
6. Impeccable Support 24/7
Probably should be listed first, but since they get back to you within 4 hours it’s listed six. However, based on all feedback this is one of Sucuri’s biggest attributes. Once you see a problem, or have an important question, they’re right on it – usually within an hour. In addition to this, they still provide support outside these hours (although it takes a bit longer). Support is offered via a support ticketing system that is accessible via the dashboard.
7. Malware Cleanup
Last but definitely not least, the Sucuri team will not only locate the malware but they will also clean your website for you! Their website malware cleanup service is not limited by the number of pages or the frequency with which you request it. What’s even better is that you can purchase a subscription plan even if your website is already hacked. And if that is not enough, these guys will even help you with removing your website from Google blacklisting.
8. Affordable WordPress Security
After reading this review, you would definitely agree that Sucuri will cover all your security needs. Naturally, you would expect that this service runs into the thousands of dollars, right? NO!
The entry level Basic package, which is ideal for blogs only costs $199.99 per year or $16.66/month if billed annually and includes:
- Malware Removal & Hack Repair
- Continuous Malware & Hack Scanning
- Brand Reputation & Blacklist Monitoring
- Advanced Denial of Service (DDoS) Protection
- Ticket-based Customer Support
If you have an e-commerce website then there is the Pro package ($299.99/year) which boasts of faster response times and more frequent scanning and monitoring. Larger businesses can also opt for the Business package ($499.99/year) which has the fastest response time (4 hours), most frequent scans (every 1/2 hr) as well as ticket and instant chat support.
Overall our assessment of Sucuri is that it’s very stable, easy to use, and one of the most affordable choices for all it offers. Support is so important and you get it here. Professional, yet affordable WordPress Security monitoring and malware removal starting at just $16.66/month billed annually.