Is Sucuri worth it?

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,477
Points
63
Did anyone use Sucuri to scan your website for malware or suspicious code? I see this plugin is very popular in the WordPress plugin section and recommended on the net, but I don't know if it is worth using, or are there any better alternatives to it?
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
Did anyone use Sucuri to scan your website for malware or suspicious code? I see this plugin is very popular in the WordPress plugin section and recommended on the net, but I don't know if it is worth using, or are there any better alternatives to it?
With proper settings in your .htaccess or nginx configuration, you should not need Sucuri, Wordfence or any other plugin to make WordPress secure.
On any Linux server you can use ClamAV to scan your folders. Too many plugins don't scan anything if you don't purchase a subscription (#wordfence).
Some examples with Apache:

Code:
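# Stop Apache from serving .ht* files
# (Order/Deny is Apache 2.2 syntax; on 2.4 without mod_access_compat use "Require all denied")
<Files ~ "^\.ht">
Order allow,deny
Deny from all
</Files>

# Protect wp-login with HTTP Basic authentication
<Files wp-login.php>
# Apache does not expand "~"; give the absolute path to your password file (placeholder below)
AuthUserFile /path/to/.htpasswd
AuthName "Private access"
AuthType Basic
Require user mysecretuser
</Files>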

# Block the include-only files.
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^wp-admin/includes/ - [F,L]
RewriteRule !^wp-includes/ - [S=3]
RewriteRule ^wp-includes/[^/]+\.php$ - [F,L]
RewriteRule ^wp-includes/js/tinymce/langs/.+\.php - [F,L]
RewriteRule ^wp-includes/theme-compat/ - [F,L]
</IfModule>
# BEGIN WordPress


# Deny all access to wp-config.php
<Files wp-config.php>
Order allow,deny
Deny from all
</Files>

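# BLOCK COMMON EXPLOITS

# Skip these checks for wp-login.php, wp-admin/, wp-content/plugins/ and wp-includes/
RewriteCond %{REQUEST_URI} !^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).* [NC]
# Path starting with three slashes
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ ///.*\ HTTP/ [NC,OR]
# Query string that starts with a URL scheme (http, ftp, ssl, https)
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/ [NC,OR]
# Two consecutive question marks
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/ [NC,OR]
# .asp, .ini or .dll anywhere in the request
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/ [NC,OR]
# .htpasswd, .htaccess or .aahtpasswd anywhere in the request
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/ [NC]
# If the first condition and any of the others match, answer 403 Forbidden
RewriteRule .? - [F,NS,L]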
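
Added example (not part of VirtuBox's post and not code from any plugin): a Python model of how mod_rewrite combines the "BLOCK COMMON EXPLOITS" conditions above, so the rule set can be checked against request lines before it is deployed. The function names and the sample request lines are constructed for illustration; note that the `.ini` pattern also catches a harmless URL.

```python
import re

# (variable, pattern, has [OR] flag), copied from the rules in the post above.
# Every condition there carries [NC], so matching is case-insensitive.
CONDS = [
    ("REQUEST_URI", r"!^/(wp-login.php|wp-admin/|wp-content/plugins/|wp-includes/).*", False),
    ("THE_REQUEST", r"^[A-Z]{3,9}\ ///.*\ HTTP/", True),
    ("THE_REQUEST", r"^[A-Z]{3,9}\ /.*\?\=?(http|ftp|ssl|https):/.*\ HTTP/", True),
    ("THE_REQUEST", r"^[A-Z]{3,9}\ /.*\?\?.*\ HTTP/", True),
    ("THE_REQUEST", r"^[A-Z]{3,9}\ /.*\.(asp|ini|dll).*\ HTTP/", True),
    ("THE_REQUEST", r"^[A-Z]{3,9}\ /.*\.(htpasswd|htaccess|aahtpasswd).*\ HTTP/", False),
]

def cond_hit(pattern, value):
    """Evaluate one RewriteCond; a leading '!' negates the match."""
    negate = pattern.startswith("!")
    regex = pattern[1:] if negate else pattern
    return (re.search(regex, value, re.IGNORECASE) is not None) != negate

def is_forbidden(request_line):
    """True if 'RewriteRule .? - [F,NS,L]' would fire for this request line."""
    target = request_line.split(" ")[1]
    env = {"THE_REQUEST": request_line,
           "REQUEST_URI": target.split("?", 1)[0]}  # path only, no query string
    i = 0
    while i < len(CONDS):
        var, pattern, or_next = CONDS[i]
        hit = cond_hit(pattern, env[var])
        if or_next and hit:
            while CONDS[i][2]:      # one member of an OR chain matched:
                i += 1              # skip the rest of that chain
        elif not or_next and not hit:
            return False            # an AND-ed condition failed
        i += 1
    return True

# Constructed request lines (not taken from real logs).
SAMPLES = [
    "GET /?p=123 HTTP/1.1",
    "GET /.htaccess HTTP/1.1",
    "GET ///index.php HTTP/1.1",
    "GET /index.php?=http://example.test/a.txt HTTP/1.1",
    "GET /docs/setup.initial-steps/ HTTP/1.1",          # false positive on ".ini"
    "GET /wp-admin/options.php?file=setup.ini HTTP/1.1",  # exempt path
]

if __name__ == "__main__":
    for line in SAMPLES:
        print("403" if is_forbidden(line) else "ok ", line)
```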
 

CaygriWEB

Well-known member
Hosting Provider
Registered
Joined
Jul 4, 2017
Messages
305
Points
18
I never install Sucuri on my WP site because it's really heavy and, like VirtuBox says, if you have a good server configuration it's useless.
 

David Beroff

Well-known member
Registered
Joined
Jun 14, 2016
Messages
1,477
Points
63
With proper settings in your .htaccess or nginx configuration, you should not need Sucuri, Wordfence or any other plugin to make WordPress secure.
On any Linux server you can use ClamAV to scan your folders. Too many plugins don't scan anything if you don't purchase a subscription (#wordfence).
As I thought, Sucuri and Wordfence have the same features, but Wordfence can be better to secure your WP website?

I never install Sucuri on my WP site because it's really heavy and, like VirtuBox says, if you have a good server configuration it's useless.
Of course, the more plugins you install, the slower your webpages will get, but it is just a plugin to scan the security of your website; you can install it, test your site and remove it after the test.
You don't need to keep it all the time when you don't use it.
 

VirtuBox

Well-known member
Registered
Joined
May 3, 2016
Messages
1,622
Points
83
As I thought, Sucuri and Wordfence have the same features, but Wordfence can be better to secure your WP website?
Wordfence does nothing if you don't purchase the premium plan, and even with the premium plan, it's only a plugin. It's really more efficient to purchase a pro plan on Cloudflare to use their Web Application Firewall with their WordPress configuration.

Of course, the more plugins you install, the slower your webpages will get, but it is just a plugin to scan the security of your website; you can install it, test your site and remove it after the test.
You don't need to keep it all the time when you don't use it.
Try installing Wordfence, remove it and then check your database; you will see all tables created by Wordfence are still in your database.
On the internet, and especially in WordPress, if a plugin is not open-source, it will not do anything for free. It's just a way to advertise.
 

CaygriWEB

Well-known member
Hosting Provider
Registered
Joined
Jul 4, 2017
Messages
305
Points
18
Wordfence or Sucuri is still needed for a very old version of WP or an old theme,
but it isn't necessary.

Wordfence creates 12 tables in the database.
 

24x7serverman

Well-known member
Hosting Provider
Registered
Joined
Jul 25, 2017
Messages
651
Points
28
If you enable the plugins, it will slow down the site. If there are already security measures on the server where you have hosted the site, then you can ignore it. Just make sure to patch the scripts regularly with the help of a developer, and also update WordPress when there is a new update available.

As per the previous advice, if you want you can enable the plugin just for some time and then disable it again, so there won't be any high resource usage issue.
 