Sucuri Security For WordPress and how to Secure WordPress from Hackers
Is Sucuri Security For WordPress Best?
How to Secure WordPress from Hackers?
Every day, millions of website owners become victims of a website hack. As more and more new websites come onto the market, more websites are being hacked.
Don’t be fooled into thinking that only old sites with lots of traffic get hacked. This is not the case: popular websites have powerful teams of developers who work on the site constantly and tackle hackers day in and day out before they can hack the website. So it is pretty hard for hackers to hack these websites.
Thus, most hackers move on to new websites and those which are not properly secured, because these are easier to hack and take less effort.
There are more than 80 million websites running on WordPress.
This may be good for some, but it also makes WordPress a popular target for hackers. Think about how many of those websites have taken the necessary steps to ensure that they are secure and hack-proof.
WordPress is easy to maintain and configure, even for those who do not have any knowledge of programming. They just need to install a theme and a plugin and they are ready to go.
This also makes their websites easy prey for hackers, as these WordPress users do not know the best practices for keeping a website secure.
For WordPress security, Sucuri is the best in the game and the Sucuri plugin is the most popular security plugin for WordPress. This plugin offers a whole lot of security features, such as protecting your website from malware and hackers.
Sucuri has a security monitoring system which lets users automatically scan their website for malware, redirects and injections. The plugin not only finds malware but also removes it completely from your website if it finds any.
Another cool feature of this security plugin is that it helps get your site removed from search engine blacklists.
To Install the Sucuri Security Plugin on Your WordPress Website, Follow These Steps:
1. Go to your WordPress Dashboard and click on Plugins >> Add New.
2. In the search bar, search for “Sucuri”.
3. From the search results, install “Sucuri Security” by “Sucuri Inc.” and activate the plugin after installation.
Once it is activated, you will find the Sucuri Security menu in the sidebar.
4. Hover over it and click on “Dashboard”.
As soon as you get into the Sucuri Dashboard, you will be greeted with a warning sign that your “Core WordPress Files Were Modified”. All of the files which have been modified are listed on the Sucuri Dashboard.
5. Now, click on “Generate API Key”. Enter your email and click on “Submit”.
You will get a “Site registered successfully” message.
6. Click on “Dashboard”. The “Generate API Key” button will disappear.
7. Now you can go through the files which were modified and select those which you did not modify yourself. You can identify them by a red flag or a purple flag. Check the “I understand” box, then under “Action” choose “Restore File” and click on “Submit”.
You can do this for the files which you haven’t modified yourself.
The green flags are safe flags, which means that you need not worry about them.
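The modified-files warning in the dashboard rests on comparing the files on disk with a known-good list of checksums. The following added example (not code from Sucuri or from this article) shows that comparison in Python on a constructed site tree; the function names, the sample files and the three result categories are assumptions made for the illustration.

```python
import hashlib
import tempfile
from pathlib import Path

CORE_DIRS = ("wp-admin", "wp-includes")  # directories that hold only core files

def md5_of(path):
    """MD5 of a file; WordPress publishes its core checksums as MD5."""
    return hashlib.md5(Path(path).read_bytes()).hexdigest()

def audit_core(root, manifest):
    """Compare the tree under root with manifest {relative path: md5}."""
    root = Path(root)
    report = {"modified": [], "missing": [], "added": []}
    for rel, expected in sorted(manifest.items()):
        target = root / rel
        if not target.is_file():
            report["missing"].append(rel)
        elif md5_of(target) != expected:
            report["modified"].append(rel)
    # Files inside core directories that the manifest does not list are
    # suspicious too: a hash comparison alone never sees them.
    for name in CORE_DIRS:
        for path in sorted((root / name).rglob("*")):
            rel = path.relative_to(root).as_posix()
            if path.is_file() and rel not in manifest:
                report["added"].append(rel)
    return report

def demo():
    """Constructed site tree: build it clean, change it, then audit it."""
    clean = {
        "wp-login.php": b"<?php // login form\n",
        "wp-admin/index.php": b"<?php // dashboard\n",
        "wp-includes/version.php": b"<?php // version info\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for rel, body in clean.items():
            (root / rel).parent.mkdir(parents=True, exist_ok=True)
            (root / rel).write_bytes(body)
        manifest = {rel: md5_of(root / rel) for rel in clean}  # known-good state
        (root / "wp-login.php").write_bytes(b"<?php // edited\n")       # modified
        (root / "wp-admin/index.php").unlink()                          # missing
        (root / "wp-includes/extra.php").write_bytes(b"<?php // new\n")  # added
        return audit_core(root, manifest)

if __name__ == "__main__":
    print(demo())
```

On a real site the manifest would come from the checksums published for the installed WordPress version rather than from the tree itself.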
Configure the Firewall settings in Sucuri
You need to buy a plan in order to start using this feature. After purchasing the plan, you will receive a Firewall API Key.
1. Click on the “Firewall” tab on the Sucuri Dashboard.
2. On the Firewall Settings page, paste the “Firewall API Key” into the space provided and click on “Save”.
3. If you are not buying the plan, you can go to the “IP Access” tab and block IP addresses from accessing your website. You just have to enter the IP address in the Blacklist IP area and then click on “Submit”.
4. You can also clear the cache of your website from the Firewall page. Click on the “Clear Cache” tab, check the box and then click on “Clear Cache”.
This clears the cache of your website, which helps when some of your webpages are not loading properly. If a post or page you are creating is not getting updated, you can clear the cache.
5. You can also check the last logins of users under “Last Login”.
If you think someone you don’t know is trying to log in, you can copy their IP address and block them by pasting it into “IP Access”.
6. Now head over to “Settings” in Sucuri.
7. On the “General” tab, you will see everything that you configured before. You don’t need to configure anything below that, as it’s already configured.
8. Click on “Scanner”. Scroll down and “Enable” the “WordPress Integrity Diff Utility”. This helps in finding the original file and the files that have been hacked.
9. Now move to “Hardening”. On the first option, “Website Firewall Protection”, click on “Apply Hardening”. You need to have bought a plan in order to use this option.
You can go ahead and “Apply Hardening” for:
Block PHP Files in Uploads Directory
Block PHP Files in WP-CONTENT Directory
Block PHP Files in WP-INCLUDES Directory
This is going to block all PHP file uploads in those directories.
10. Let’s now move on to “Post-Hack”.
In this section, under “Update Secret Keys”, scroll down, check “I understand” and click on “Generate New Security Keys”. This generates new security keys for your website and replaces your old keys with them.
You will be logged out of your WordPress Dashboard. Log back into your Dashboard and head over to “Post-Hack” in Sucuri again. You will see that new keys have been added.
11. Click on the Alerts tab. Here you can have alerts about your website sent straight to you by email. Enter your email and click on “Submit”.
12. Scroll down and, under “Trusted IP Addresses”, enter the IP addresses that you trust. You can go ahead and enter your own IP address.
You can find your IP address by searching Google for “my ip address”. This is so that your IP does not get blocked by mistake.
13. Under Alert Subject, you don’t need to do anything and can keep it as it is. This sets the format in which you want to receive alerts for your website.
14. Under Alert Per Hour, you can choose how many alerts you want to receive every hour. Choose as per your liking and click on Submit.
15. Under Password Guessing Brute Force Attacks, you can also keep the default, which is 30 failed logins per hour.
A brute force attack is when hackers keep trying different passwords in order to log in. This is usually done by automated tools which carry out thousands of queries per second.
16. Inside the Security Alert, you need to check some of the options:
Receive email alerts for new user registration.
Receive email alerts for password guessing attacks.
Receive email alerts when a plugin is deactivated.
Receive email alerts when a theme is deleted.
If you want to, you can check others which you like and then click on Submit.
17. Nothing needs to be configured on “API Service Communication” as it’s already configured for you. On “Website Info” you will get all the details of your website.
This is how you configure your Sucuri Security Plugin on WordPress.
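To see what the threshold of 30 failed logins per hour from step 15 means in practice, the following added example (not Sucuri's code and not part of the original article) counts failed wp-login.php attempts per IP address in web server access-log lines. The rolling one-hour window, the treatment of 30 as "at or over", the log format and the sample lines are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

THRESHOLD = 30                 # failed logins per hour, the default in step 15
WINDOW = timedelta(hours=1)
LOGIN = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "POST /wp-login\.php[^"]*" (\d{3}) ')

def flag_ips(lines, threshold=THRESHOLD):
    """Return {ip: peak failed logins in any rolling hour} for IPs at or over threshold."""
    failures = defaultdict(list)
    for line in lines:
        m = LOGIN.match(line)
        # Assumption: stock wp-login.php answers a failed login with 200
        # (form shown again) and a successful one with a 302 redirect.
        if m and m.group(3) == "200":
            failures[m.group(1)].append(
                datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z"))
    flagged = {}
    for ip, times in failures.items():
        times.sort()
        start = peak = 0
        for end, t in enumerate(times):
            while t - times[start] >= WINDOW:   # drop attempts older than 1 hour
                start += 1
            peak = max(peak, end - start + 1)
        if peak >= threshold:
            flagged[ip] = peak
    return flagged

def sample_log():
    """Constructed access-log lines (combined format, documentation IPs)."""
    def line(ip, when, status):
        stamp = when.strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - - [{stamp}] "POST /wp-login.php HTTP/1.1" {status} 4821 "-" "constructed"'
    base = datetime(2024, 1, 15, 10, 40, tzinfo=timezone.utc)
    # 36 failures one minute apart, crossing 11:00: fixed clock-hour buckets
    # would see 20 + 16 and miss it, the rolling window sees all 36.
    lines = [line("203.0.113.7", base + timedelta(minutes=i), 200) for i in range(36)]
    # A user who mistypes twice and then logs in.
    lines += [line("198.51.100.20", base + timedelta(minutes=i), s)
              for i, s in enumerate((200, 200, 302))]
    return lines

if __name__ == "__main__":
    print(flag_ips(sample_log()))
```

An address flagged this way is a candidate for the “IP Access” block list described earlier, after checking that it is not one of your trusted IP addresses.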