Sucuri Review – Website AntiVirus + Firewall and Post Hack Cleaning Service
Filed in Reviews
Sucuri Review – Internet security has never been a more important issue.
In this review of Sucuri’s internet security suite, I’ll be taking you through some of my experiences using their cloudproxy, website firewall, antivirus and post-hack cleaning service. As well as giving you an overview of all of Sucuri’s bells and whistles.
In recent years, hacker collectives have succeeded in bringing down some of the most high-profile brand websites and networks. The recent Sony Pictures and Christmas Day console network hacks have demonstrated that even billion-dollar industries aren’t safe from malicious attacks.
Meanwhile, criminals around the world are still making oodles of cash by exploiting the vulnerable quirks of the web – hence why you’ll still come across the odd poorly-written Viagra advert and empty ‘find out how I make $100 a day’ boasts while you browse.
How do you keep your own site (and the users that visit it every day) safe from this faceless threat?
Security Peace of Mind
Fortunately, there are many firms out there dedicated to fighting hackers and keeping the internet safe.
Sucuri is an internet security company specialising in providing firewall & antivirus solutions for website owners. Their services are designed to thwart attempts at spamming, infecting and bringing down your website – and to fix the damage if your own site becomes a victim.
The software offers a comprehensive range of preventative measures and tools – if you’re signed up with Sucuri, you’re protected against brute-force hacking, software & script exploits and even zero-day events (vulnerabilities are virtually patched).
I personally recommend their CloudProxy Service, which I’ve used with several clients’ WordPress sites. With this service, you get the protection against malware and DDoS attacks, with the added benefit of improved site performance for your users.
The CloudProxy Service comes with a ton of extra advanced security options including:
- Admin panel restricted to only Whitelisted IP addresses. A bouncer for your admin panel, blocks anyone not on the list from accessing your /wp-admin section.
- Additional Security Headers added to your site. Protection from clickjacking and XXS attacks.
- XMLRPC, Comments and Trackbacks blocked. If you’re using facebook or disqus comments, you can block all other forms of commenting, brilliant for blocking spam.
- Stop unfiltered HTML from being sent to your site. Prevents users from inserting unflitered HTML content into your site. Blocks Iframes and script calls from being used.
- Stop upload of PHP or executable content. Prevents anyone from uploading PHP, Perl or executable content to your site.
- Advanced evasion detection. This option enables advanced evasion detection signatures.
- Enable Emergency DDoS protection. HTTP Flood protection, ideal if you’re under attack and need protection fast.
- Advanced Intrusion Detection System. Enables Sucuri’s IDS system which runs in the backend to protect against repeat attackers.
- Block proxies and the top three attack countries (China, Russia and Turkey). Blocks anyone from China, Russia or Turkey from interacting with your site. They are still able to view content but not use the forms or other interactive areas.
In addition, using Sucuri’s Geo Blocking service you can block individual countries from either viewing your site, posting or interacting with your site or both.
If anything nasty does manage to slip through the net, you’ll be the first to know. Sucuri provides continuous monitoring of your site via a free plugin you can download, which will quickly alert you to any significant changes to your site’s code, be they malicious or benign.
You can even choose how alerts are delivered to you from a huge variety of options, including mobile phone text messages, instant messaging via social media, RSS feed alerts and more.
Fixed That For You
Sucuri will clean up your site if it has been hacked, removing the malware and delivering a final report to you once it has been fixed. As well as solving on-site issues, Sucuri checks search engine and antivirus software blacklists, to see if the hack has affected the reputability of your site and brand. If it has, they also work to get your site removed from these blacklists as soon as possible.
This service is included in their subscriptions with no extra charge – whether you’ve been a Sucuri customer for years, or you’ve only recently been hacked and you’re signing up for the first time.
If it’s a particularly nasty hack, sometimes issues can remain after the initial repair process – in these cases, a Sucuri team member can perform a more in-depth manual analysis and cleanup for you.
What if the damage done is irreversible? No problem – Sucuri creates regular backups of your site’s files, so if disaster hits, your site can be quickly restored to its former glory. Best of all, these backup files are automatically stored in the cloud, so they can be retrieved wherever you are, whenever you need them.
Your Security Taken Seriously
The Sucuri team devote a good portion of their time to researching and identifying new hacking vulnerabilities and trends, so they can quickly prepare for new threats and keep their customers safe from them. Even if your site’s hack is new to them, they can identify the principles behind such attacks and tackle them accordingly.
You can choose from a variety of subscription options from basic single-site protection to larger multi-site packages for businesses. Prices are set at regular monthly amounts, so you won’t find yourself with an unexpectedly higher bill because you’ve been targeted with a larger or more obscure attack.
If there’s anything I’ve missed or not covered in this Sucuri Review please feel free to leave a comment or alternatively you can can take a look at the Sucuri website here.
Based in London, Working Everywhere
I’m a Freelance Web Designer and WordPress developer, I’m based in London but work with client’s in the UK and all over the world.
[…] Ben from Boshanka shows how it can be done in his software review blog post. […]
[…] Ben from Boshanka shows how it can be done in his software review blog post. […]