Is Sucuri worth it?

David Beroff · Jul 21, 2017

Did any one use Sucuri to scan your website for malware or suspicious codes? I see this plugin is very popuplar in Wordpress plugin section and recommended on the net but I don't know it is worth to use or are there any better alternatives to it?

VirtuBox · Jul 21, 2017

David Beroff said:
Did any one use Sucuri to scan your website for malware or suspicious codes? I see this plugin is very popuplar in Wordpress plugin section and recommended on the net but I don't know it is worth to use or are there any better alternatives to it?

With proper settings on your .htaccess or nginx configuration, you should not need sucuri, wordfence or any other plugin to make wordpress secured.
On any linux server you can use ClamAV to scan your folders. Too many plugins doesn't scan anything if you don't purchase a subscription (#wordfence).
Some examples with Apache :

Code:

# Stop Apache from serving .ht* files<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

# Protect wp-login
<Files wp-login.php>
AuthUserFile ~/.htpasswd
AuthName "Private access"
AuthType Basic
require user mysecretuser 
</files>

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# BEGIN WordPress


<files wp-config.php>
order allow,deny
deny from all
</files>

# BLOCK COMMON EXPLOITS

RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]
RewriteRule .? - [F,NS,L]

CaygriWEB · Jul 22, 2017

I never install sucuri on my wp site because it's really heavy and Like say virtubox, if you have a good server configuration it's unuseless

David Beroff · Jul 22, 2017

VirtuBox said:
With proper settings on your .htaccess or nginx configuration, you should not need sucuri, wordfence or any other plugin to make wordpress secured.
On any linux server you can use ClamAV to scan your folders. Too many plugins doesn't scan anything if you don't purchase a subscription (#wordfence).

As I thought Sucuri and Wordfence have same features but wordfence can be better to secure your WP website?

CaygriWEB said:
I never install sucuri on my wp site because it's really heavy and Like say virtubox, if you have a good server configuration it's unuseless

Of course is more plugins you install more slow for your webpages you will get, but it is just a plugin for scan security for your website, you can install it, test your site and remove it after test.
You don't need to keep it all time when you don't use it.

VirtuBox · Jul 22, 2017

David Beroff said:
As I thought Sucuri and Wordfence have same features but wordfence can be better to secure your WP website?

Wordfence do nothing if you don't purchase the premium plan, and even with the premium plan, it's only a plugin. It's really more efficient to purchase a pro plan on Cloudflare to use their Web Application Firewall with their WordPress configuration.

Of course is more plugins you install more slow for your webpages you will get, but it is just a plugin for scan security for your website, you can install it, test your site and remove it after test.
You don't need to keep it all time when you don't use it.

Try to install wordfence, remove it and then check your database, you will see all tables created by wordfence are still in your database.
On internet, and especially in wordpress, if a plugin is not open-source, it will not do anything for free. It's just a way to advertise.

CaygriWEB · Jul 22, 2017

Wordfence still sucuri need for very old version of wp or old theme.
but it isn't necessary

Wordfence create 12 table on database.

24x7serverman · Sep 8, 2017

If you will enable the plugins then it will slow down the site. If there are already security measures on the server where you have hosted the site then you can ignore. Just make sure to patch the scripts with the help of developer regularly and also update the WordPress when there is now update available.

As per previous advises, if you want you can enable the plugin just for sometime and again disable it so there won't be any high resource usage issue.

johnnymorgan · Sep 27, 2017

I never set up sucuri on my wp website because it's really large and Like say virtubox, if you have a great server settings it's unuseless.

Is Sucuri worth it?

David Beroff

Well-known member

VirtuBox

Well-known member

CaygriWEB

Well-known member

David Beroff

Well-known member

VirtuBox

Well-known member

CaygriWEB

Well-known member

VirtuBox

Well-known member

24x7serverman

Well-known member

johnnymorgan

Member

Latest posts New threads

Latest posts

New threads

Latest Hosting Offers New Reviews

Latest hosting offers

Popular Contributors - Past 30 Days

Sponsors

Tag Cloud