Sucuri Security Plugin Setup for WordPress

Our company is engaged in the development, support and maintenance of sites of any complexity. From simple one-page sites to large-scale cluster systems built on micro services. Experience of developers is confirmed by certificates from vendors.

8+Years of workmore info 900+Completed projectsmore info 100+In house employeesmore info 19+Partnersmore info

Development and maintenance of all types of websites:

Informational websites or web applications

Business card websites, landing pages, corporate websites, online catalogs, quizzes, promo websites, blogs, news resources, informational portals, forums, aggregators

E-commerce websites or web applications

Online stores, B2B portals, marketplaces, online exchanges, cashback websites, exchanges, dropshipping platforms, product parsers

Business process management web applications

CRM systems, ERP systems, corporate portals, production management systems, information parsers

Electronic service websites or web applications

Classified ads platforms, online schools, online cinemas, website builders, portals for electronic services, video hosting platforms, thematic portals

These are just some of the technical types of websites we work with, and each of them can have its own specific features and functionality, as well as be customized to meet the specific needs and goals of the client.

Offered services

Showing 1 of 1 servicesAll 2065 services

Sucuri Security Plugin Setup for WordPress

Simple

~1 business day

FAQ

Our competencies:

Free consultation

Book a free consultation if you have any questions. A dedicated specialist will advise you.

Cost calculation

If you know what exactly you need to develop, or you already have a ready-made technical task.

Development stages

Latest works

Development of a web application for FEEDME
1161
Development of an online store for the company FURNORO
1041
Development of a web application for Enviok
822
CRM development for Chasseurs
847
Website development for SBH Partners
999
Website development for Red Pear
451

Show more works

Sucuri Security Plugin Setup for WordPress

Sucuri offers two products: the free Sucuri Security plugin (audit, scanning, hardening) and the paid Sucuri Firewall / CDN ($9.99/month) — WAF at DNS level. The plugin without Sucuri Firewall is a monitoring tool, not real-time protection.

Free Plugin: Capabilities

Security Activity Auditing — logs all administrative actions: logins, plugin changes, updates. Stores logs in database table and optionally sends to Sucuri API (protection against deletion if compromised).

File Integrity Monitoring — compares core files against official hashes. Detects modified and added files.

Remote Malware Scanning — external scanning via SiteCheck API: checks homepage for malware, blacklist status from Google, Bing, Norton.

Security Hardening — a set of one-click security measures.

Security Hardening

Sucuri → Settings → Hardening. Apply:

✓ Verify WordPress Version (reminds to update)
✓ Remove WordPress Version (removes version from head and RSS)
✓ Block PHP files in the uploads directory
✓ Block PHP files in the wp-content directory
✓ Block PHP files in the wp-includes directory
✓ Information Leakage (removes readme.html, license.txt)

PHP blocking in uploads creates .htaccess:

<Files "*.php">
Order Allow,Deny
Deny from all
</Files>

On Nginx, add the equivalent manually:

location ~* /(?:uploads|files)/.*\.php$ {
    deny all;
}

Alerts Configuration

Sucuri → Settings → Alerts:

Email for alerts: do not use [email protected] — if domain email is compromised, you lose notifications. Use external email.
Alert on new user registration: ✓
Alert on WordPress admin login: ✓ (only for small sites)
Alert on failed login attempt: no (too many emails)
Alert on plugin activated/deactivated: ✓

Post-Hack Actions

If a hack is detected: Sucuri → Post-Hack. Section contains:

Update Secret Keys — generate new keys in wp-config.php, reset all sessions
Reset User Password — reset passwords for all users
Reset Installed Plugins — reinstall all plugins (from WordPress repository only)
Available Free WordPress Transfers — emergency site migration

Sucuri WAF (Paid)

The paid WAF works differently: your domain's DNS points to Sucuri servers, all traffic goes through them. Sucuri filters malicious traffic before it reaches your server. The plugin is used for configuration and monitoring.

To enable: Sucuri → Firewall WAF → Add Site. Change domain NS/A records. Sucuri proxies traffic to origin server by IP (not by domain — whitelist only Sucuri IP).

Comparison with Wordfence

Sucuri WAF (paid) — network-level protection, reduces server load. Wordfence WAF — PHP-level protection, server still receives requests. For high-load sites, Sucuri WAF is more efficient. For budget sites, free Wordfence is sufficient.

Timeline

Installation and setup of free Sucuri plugin with hardening — 1–2 hours. Enabling Sucuri WAF with DNS change — 2–3 hours (plus up to 24 hours for DNS propagation).