WordPress Security… and as a matter of fact, any website security can never be underestimated. We hear about websites belonging to large corporations being hacked … but that is what makes it to the news! Think about the thousands of lesser-known websites that are hacked each year.
Disclaimer: I have not been paid to carry out this recommendation, nor am I involved with the company behind it. I only recommend products or services that I have used personally and which I believe will add value to my readers. Some of the links in the following review are “affiliate links”. This means that if you click on the link and purchase the product or service, I will receive an affiliate commission. Please note that this will not affect the price you pay. With regards to the packages and prices mentioned on this page, while especial care has been devoted to reproducing them accurately, they are only correct as per time of writing. In this regard, it is always advisable for the reader to verify the latest prices on the Sucuri website. I am disclosing all of this in accordance with the Federal Trade Commission’s 16 CFR, Part 255: “Guides Concerning the Use of Endorsements and Testimonials in Advertising.” and Google’s Guidelines on Affiliate Programs.
Why do I need Website Security?
One common misconception about website security is that only high-traffic, popular websites are targeted. From my experience with my clients, I can assure you that this is absolutely not true. On the contrary, the likelihood is that popular websites have a team of experts behind them who ensure that security precautions are in place. Thus, hackers would need craftier hacking skills that need to be carried out by a human. Sure, the prize is more lucrative – but the effort to hack big sites is greater.
Now think about the fact that there are close to 70 million websites running on WordPress alone. How many of those website owners have taken those extra precautions of hardening their WordPress sites? Many of them would have even left their administration username set to the default ‘admin’. And this is just for WordPress alone. There are thousands of websites running on less-popular content management systems (CMSs), some of which were even hand coded by the website developer, which are far more vulnerable. Not only can these types of websites be hacked more easily but they can also be hacked on a large scale through the use of bots.
So is WordPres security something that I can do myself? This is a tough question. I guess the right answer is “yes and no” because it depends on a number of factors – crucial to which is your level of technical expertise. First of all, you can take precautions (and you must!) to ensure the security of your website. Unfortunately though, while some of these precautions can be implemented by a non-technical user, the (often more effective) hardening of the core files require more expertise.
Most CMSs such as WordPress have several plugins that can improve the security of your website. Careful consideration which is based on reading reviews and testing plugins to install is a must. After installing them, you would need to closely monitor them (as well as news about them) to ensure that they are doing their job effectively and that they are not vulnerable themselves.I had passed through this stage and I can assure you it is a lengthy, tiring process. I must admit that there are some truly excellent WordPress plugins out there – and most of them are free. However, one of the main problems that I experienced was that these plugins were, very often, conflicting between themselves and I did find myself locked out from my WordPress site. Other times, I was blocking genuine users and search engine bots.
Another limitation of WordPress security plugins (especially the free ones) is that you would need to download several plugins in order to cover all the security vulnerabilities. Unfortunately, this is not a case where more is better. Some plugins are likely to conflict. Also, the more plugins you have, the slower your website would be and (ironically) the more vulnerable too.
Why should I choose Sucuri as my WordPress Security Solution?
There are a million reasons why I would recommend Sucuri. The company offers a website monitoring, malware removal and all the related website security services that you would need. In short, these guys are the superheroes who monitor the web and will save the day of any website owner. Here are my top 8 reasons why I think Sucuri are awesome:
1. They Support Several Website Platforms
Sucuri’s products and services are not just for WordPress. They support websites running on Joomla, Drupal, PHP, .NET and even good old HTML.
2. Website Security Monitoring
The Sucuri sitecheck scanner automatically scans your website to ensure it is clean of malware, suspicious redirects, iframes, link injections etc. You can manually set the frequency with which the scanner runs its tests for malware and blacklisting, content changes in the core files, WHOIS changes and DNS changes. In addition to this, the security scanner also ensures that your website is not blacklisted by Google, Norton, PhishTank, Opera, SiteAdvisor, Yandex, and, of course their own Sucuri blacklist.
3. Server-Side Scanning
The Sucuri dashboard also offers a view that will enable you to monitor the activities that are going on in your web server. The system scans your web server so as to ensure that there are no suspicious files or activities going on. In addition to this, it also shows andy file changes so that you are fully aware about what is going on in the back-end of your website.
4. WordPress Security Plugin
For WordPress website owners, Sucuri offer a free plugin that you can install just like a normal WordPress plugin. This will audit all your website activities such as file changes, new post additions, user logging (and failed login attempts), file uploads etc. The plugin also ensures that your core WordPress files are intact – something which is indispensable, given that some hackers try to hide malware inside files that at first glance look legitimate. And if that is not enough, the plugin also has a 1-click hardening feature which will enable you to harden your WordPress installation with a simple click of a button!
5. Security Alerts
If the Sucuri website monitoring system detects something on your website, you are immediately notified. Sucuri offer a number of methods which you can configure with ease – email, Twitter, SMS, IMs and RSS.
6. Impeccable Support 24/7
These guys claim that on average they take less than 4 hours during their support hours (8am – 8pm Eastern time, Monday – Friday). I can totally vouch for that. Sometimes, their support staff replies within the hour. In addition to this, they still provide support outside these hours (although it takes a bit longer). Support is offered via a support ticketing system that is accessible via the dashboard. In this way, you would be able to track the status of all your support requests.
7. Malware Cleanup
Last but definitely not least, the Sucuri team will not only locate the malware but they will also clean your website for you! Their website malware cleanup service is not limited by the number of pages or the frequency with which you request it. What’s even better is that you can purchase a subscription plan even if your website is already hacked. And if that is not enough, these guys will even help you with removing your website from Google blacklisting.
8. Affordable WordPress Security!
After reading this review, you would definitely agree that Sucuri will cover all your security needs. Naturally, you would expect that this service runs into the thousands of dollars, right? NO!
The entry level Basic package, which is ideal for blogs only costs $199.99 per year or $16.66/month if billed annually and includes:
- Malware Removal & Hack Repair
- Continuous Malware & Hack Scanning
- Brand Reputation & Blacklist Monitoring
- Advanced Denial of Service (DDoS) Protection
- Ticket-based Customer Support
If you have an e-commerce website then there is the Pro package ($299.99/year) which boasts of faster response times and more frequent scanning and monitoring. Larger businesses can also opt for the Business package ($499.99/year) which has the fastest response time (4 hours), most frequent scans (every 1/2 hr) as well as ticket and instant chat support.
Professional, yet affordable WordPress Security monitoring and malware removal starting at just $16.66/month billed annually … what are you waiting for?