Is Sucuri worth it?

David Beroff

Did anyone use Sucuri to scan their website for malware or suspicious code? I see this plugin is very popular in the WordPress plugin section and recommended on the net, but I don't know if it is worth using, or are there any better alternatives to it?
 

VirtuBox

Did anyone use Sucuri to scan their website for malware or suspicious code? I see this plugin is very popular in the WordPress plugin section and recommended on the net, but I don't know if it is worth using, or are there any better alternatives to it?
With proper settings in your .htaccess or nginx configuration, you should not need Sucuri, Wordfence or any other plugin to make WordPress secure.
On any Linux server you can use ClamAV to scan your folders. Too many plugins don't scan anything if you don't purchase a subscription (#wordfence).
Some examples with Apache:

Code:
# Stop Apache from serving .ht* files
# (Order/Deny is Apache 2.2 syntax; on 2.4 it needs mod_access_compat,
#  or use "Require all denied" instead)
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

# Protect wp-login with HTTP Basic authentication
<Files wp-login.php>
# AuthUserFile needs an absolute path (Apache does not expand "~");
# /path/to/.htpasswd is a placeholder, keep the file outside the web root
AuthUserFile /path/to/.htpasswd
AuthName "Private access"
AuthType Basic
Require user mysecretuser
</Files>

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
# Not under wp-includes/: skip the next three rules
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# BEGIN WordPress


# Deny direct access to wp-config.php
<Files wp-config.php>
Order allow,deny
Deny from all
</Files>

# BLOCK COMMON EXPLOITS

# The first condition exempts WordPress's own paths; the remaining ones are ORed
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]
# Any request that satisfies the conditions gets 403 Forbidden
RewriteRule .? - [F,NS,L]
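
What the "BLOCK COMMON EXPLOITS" conditions in the post above accept and reject, as an added example that is not part of the original post. It is a simplified Python model of those RewriteCond lines (not Apache itself); the function name `verdict` and the sample request lines are constructed for illustration.

```python
import re

# Patterns copied from the RewriteCond lines above; [NC] is modelled with re.I.
EXEMPT_URI = re.compile(
    r"^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).*", re.I)
REQUEST_PATTERNS = {
    "triple-slash": r"^[A-Z]{3,9}\ ///.*\ HTTP/",
    "url-in-query": r"^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/",
    "double-question-mark": r"^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/",
    "asp-ini-dll": r"^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/",
    "ht-files": r"^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/",
}
COMPILED = {name: re.compile(p, re.I) for name, p in REQUEST_PATTERNS.items()}


def verdict(request_line):
    """Return the name of the first condition that would trigger the 403,
    or None when the request passes this block of rules."""
    parts = request_line.split(" ")
    if len(parts) != 3:
        return None  # the model only handles well-formed request lines
    path = parts[1].split("?", 1)[0]  # REQUEST_URI excludes the query string
    if EXEMPT_URI.match(path):
        return None  # first RewriteCond fails, so the rule never fires
    for name, rx in COMPILED.items():
        if rx.search(request_line):
            return name
    return None


# Constructed sample request lines (THE_REQUEST values).
SAMPLES = [
    "GET ///etc HTTP/1.1",
    "GET /?=http://example.test/a HTTP/1.1",
    "GET /index.php?page=http://example.test/a HTTP/1.1",  # scheme not right after '?'
    "GET /search??q=1 HTTP/1.1",
    "GET /old/page.aspx HTTP/1.1",           # ".asp" also matches ".aspx"
    "GET /backup/.htpasswd HTTP/1.1",
    "GET /wp-admin/admin.php??x HTTP/1.1",   # exempt path, not filtered
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{verdict(line) or 'allowed':22} {line}")
```

The third and last samples pass: the URL pattern only matches a scheme directly after `?` or `?=`, and the first condition exempts the listed WordPress paths from every check in this block.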
 

CaygriWEB

I never install Sucuri on my WP site because it's really heavy and, like VirtuBox says, if you have a good server configuration it's useless.
 

David Beroff

With proper settings in your .htaccess or nginx configuration, you should not need Sucuri, Wordfence or any other plugin to make WordPress secure.
On any Linux server you can use ClamAV to scan your folders. Too many plugins don't scan anything if you don't purchase a subscription (#wordfence).
As I thought, Sucuri and Wordfence have the same features, but can Wordfence be better for securing your WP website?

I never install Sucuri on my WP site because it's really heavy and, like VirtuBox says, if you have a good server configuration it's useless.
Of course, the more plugins you install, the slower your webpages will get, but it is just a plugin to scan your website's security; you can install it, test your site and remove it after the test.
You don't need to keep it all the time when you don't use it.
 

VirtuBox

As I thought, Sucuri and Wordfence have the same features, but can Wordfence be better for securing your WP website?
Wordfence does nothing if you don't purchase the premium plan, and even with the premium plan, it's only a plugin. It's really more efficient to purchase a pro plan on Cloudflare to use their Web Application Firewall with their WordPress configuration.

Of course, the more plugins you install, the slower your webpages will get, but it is just a plugin to scan your website's security; you can install it, test your site and remove it after the test.
You don't need to keep it all the time when you don't use it.
Try installing Wordfence, remove it and then check your database: you will see all the tables created by Wordfence are still in your database.
On the internet, and especially in WordPress, if a plugin is not open-source, it will not do anything for free. It's just a way to advertise.
 

CaygriWEB

Wordfence and Sucuri are still needed for a very old version of WP or an old theme,
but it isn't necessary.

Wordfence creates 12 tables in the database.
 

24x7serverman

If you enable the plugins then it will slow down the site. If there are already security measures on the server where you have hosted the site then you can ignore it. Just make sure to patch the scripts regularly with the help of a developer and also update WordPress when there is a new update available.

As per the previous advice, if you want you can enable the plugin just for some time and disable it again so there won't be any high resource usage issue.
 