This plugin hasn’t been tested with the latest 3 major releases of WordPress. It may no longer be maintained or supported and may have compatibility issues when used with more recent versions of WordPress.

Sucuri Security – Website Firewall (CloudProxy)


Sucuri Inc is a globally recognized authority in all matters related to
website security, with specialization in WordPress Security.

The Sucuri Security Website Firewall(CloudProxy) product is a Cloud-based
Website Application firewall (WAF) and Intrusion Prevention System (IPS)
providing everyday website owners Enterprise class security at an affordable
cost. This security plugin extends the management of the Website Firewall,
making it available to you in your WordPress dashboard. All security features
are not available in this plugin and for a complete list of the security
feature, and its management, visist your Sucuri Security Dashoard.

This security plugin performs it’s security hardening remotely via a service
so it does not contain any additional hardening, it employs a number of
features like virtual hardneing and patching that provide all the security
hardening your website requires. Additionally, the security hardening is
performed off your web server, alleviating the load that attacks place on your
existing webserver resources. This service only available via a paid
subscription of the Sucuri Website Firewall product.

The Sucuri Website Firewall (CloudProxy) product offers you enterprise class perimeter security
for your website, addressing some of the biggest issues WordPress websites face in regards to security.

This WordPress Security plugin can be used in conjunction with other plugins.
It does not replace the Sucuri Security – Auditing, Malware Scanner and
Hardening plugin
. The features
found in this plugin have been integrated into that plugin, installing it will
remove this plugin and wrap everything into one toolset.

Some of the security issues this product protects your website includes:

  • Security Filtering of all traffic – blocking all security related issues before it hits your website / web server
  • Apply Security Patches Virtually
  • Virtual Security Hardening
  • Block of Cross Site Scripting (XSS) attacks
  • Block of SQL Injection (SLQi) attacks
  • Block of Remote / Local File Inclusion (RFI/LFI) attacks
  • Block of Remote Code Execution (RCE) attacks
  • Advanced Security Access Control Features (i.e., IP whitelisting, 2FA, etc..)
  • Performance Optimization
  • Fully Managed Security Protection for Your Website

A few features of the Sucuri Security Website Firewall product deserve special
attention for the added value website owners get. They include:

Denial of Service (DDOS) Security Mitigation

Denial of Service (DoS/DDoS) attacks are not new, but are growing in popularity.
The introduction of new booster services, that allow any online users
to pay someone else to attack someone elses website, have created an influx of
DoS attacks. They range in scale and impact, but often the impact of such an
attack is simple – to bring your website down. Kill it’s availability and make
sure that your visitors are unable to access the website.

This is especially true if you are leveraging shared server space, this often
means the resources allocated to your one website are marginal and any influx
in traffic could completely disable your websites performance. If the problem
persits, you run the risk of getting kicked off your hosts environment.

Brute Force Protection

This is a serious issue in WordPress security. There was a time where many
perceived this to be an impossibility due to challenges in networks, that is
no longer the case. Technology has made it so that the latency that was once
introduced via networks is no longer the bottlekneck.

Brute Force attacks are a security threat that every website owner must be
mindful of. It’s an act in which the attacker attempts to continously
penetrate your environment, using a variety of attempts with varying username
/ password combination in an effort to gain entry. With the hopes that they
will get lucky. This can be achieved with other security plugins, but
attackers continue to develop evasive techniques to bypass security plugins
that live an operate at the application layer of your website.

This security protection takes place at the edge, offloading the attack from
your web server and providing you optimal website security.

Vulnerability Security Exploitation Prevention

This is one of the neatest features our product has to offer. Our research
into vulnerabilities has led to some of the largest security disclosures in
2014 pertaining to software security vulnerabilities. This has affected some
of the largest brands to inlcude the MailPoet Newsletter plugin, All-in-One
SEO plugin, RevSlider plugin, and many more.

Vulnerabilty exploitation is a big issue today for website owners leveraging
the WordPress platform. It is easy to install WordPress, even easier to find a
plugin that performs a specific function, but often the last thought a website
owner has is around the security of the code they are putting into their
website. It’s also impossible for the website owner to know whether the code
is good or bad, or what to do if it’s bad but still offers the feature they
are interested in.

Being able to stop attackers from exploiting these security weaknesses is
imperative for website owners.

Malware Prevention

A malware issue is a security event in which Malicious Software (Malware) has
been injected into your website. It often comes in the form of a
drive-by-download or something equivalent in which your website is used as a
spring board to attack your visitors. Imageine for a moment that someone
visiting your website, trusts that your security is top-notch, and gets their
local machine hacked.

The attacker then proceeds to steal all their credentials (i.e., emails,
social media account, financial institutions). This user has now lost their
life savings and is unable to pay their bills while the matter gets resolved,
which can take months if not years.

This is the reality of the pain malware introduces.

Zero Day Immediate Response

This is a very unqiue security feature that allows our security team to
respend immediately when a new security incident is released. Zero day events
occur all the time, they are events that are released for public consumption
but have no existing solutions in place. This happens when an attacker
identifies a potentially big issue and is interested in watching it all burn.
When this happens your website is left to it’s own devices to implement a
solution that addresses the problem, if you don’t implement it in time or
adequately you run the risk of getting compromised.

With this security feature, Sucuri is able to proactively protect your website
within minutes of a security event, like a Zero Day, being released to the
world. Example of this at work include the recent Bash vulnerabilities, and
many of the software vulnerabilities mentioned above (i.e., RevSlider,
Mailpoet, etc…).

You can read more about some of the features here: Sucuri Security – Website Firewall (CloudProxy)

Update-to-date pricing and features can always be found on the Plans &



Make note that this plugin requires the purchase of the Sucuri Security
Website Firewall (CloudProxy) security product. To attain this product you
must signup via the Website Firewall purchase page.

Once that is done, you can enable this plugin by following these steps:

  1. You will want to log into your WordPress administration panel – (e.g.,

  2. Navigate to Plugins Menu option in your WordPress
    administration panel

  3. Select Add New

  4. Type Sucuri in the Search box, and click
    Search plugins.

  5. The first option you get should be for Sucuri Security – Website
    Firewall (CloudProxy

  6. Select Install Now

  7. Now choose to Activate the plugin.

  8. Log into your Sucuri Security dashboard.

  9. Click on the CloudProxy Website Firewall menu option.

  10. Select settings for the configured website (i.e., next to
    your website the states should read Activated) and select API.

  11. Copy the API Key: [randomly generated string].

  12. Return to your WordPress administration panel.

  13. Click on the Sucuri WAF menu option in your WP
    adminstration panel.

  14. Paste the API Key into the input box next to CloudProxy API

  15. Click Update API Key.

  16. Sit back and enjoy!!!


What does Sucuri Website Firewall (CloudProxy) do that other WordPress security plugins don’t do?

It is the only enterprise class Website Application Firewall (WAF) designed
for WordPress users. It is a true WAF providing real-time protection, where
other plugins are reactive and depend on disclosures before protecting your
website. It also uses a state of the art whitelist application profiling
model, contrary to traditional blacklisting WAF systems.

Will Sucuri Security Website Firewall (CloudProxy) slow my site down?

No. It will actually improve the performance of your website.

How often is Sucuri Website Firewall (CloudProxy) plugin updated?

It’s currently set to update on a weekly / bi-weekly basis, depending on a
variety of factors. We reserve to update more or less frequently, it’s
dependent on operational needs. Bug / security fixes always take priority.

What if I need support?

In order to use this plugin you require a paid subscription so to get support
you can log into your Sucuri Security dashboard and submit a

Where can I find material on the Sucuri Website Firewall (CloudProxy) product?

Existing users should feel free to make use of our open Knowledge Base.

For potential users we recommend starting on the Sucuri Security Website Firewall product page

What if my site security has already been compromised by a hacker?

If you have already been hacked then this plugin and product will do little to
address your immediate issue. We recommend leveraging the Sucuri Security
Website AntiVirus
to clear any existing
security issues (i.e., malware infections, [Google Blacklists](, etc…)

Will Sucuri Security Website Fireawll (CloudProxy) protect me against the Timthumb security problem?

Absolutely. The TimeThumb vulnerability is categorized as a Remote File Influction (RFI) vulnerability and that is definitely something that our plugin protects against.

Will Sucuri Security Website Firewall (CloudProxy) conflict with the WordFence plugin?

It should not, but it’s possible. Some of the features might be redundant, you
should be able to remove and / or disable redundant features.

Should I use the Sucuri Security Website Firewall (CloudProxy) plugin in conjunction with the [Sucuri Security – Auditing, Malware Scanner, and Hardening plugin](

Once you install the Sucuri Security – Auditing, Malware Scanner, and
Hardening plugin the Website Firewall plugin will be removed from your
dashboard. The maintenance features of the Website Firewall plugin have been
integrated into our Free Security scanner.


Read all 9 reviews

Contributors & Developers

“Sucuri Security – Website Firewall (CloudProxy)” is open source software. The following people have contributed to this plugin.




  • Cleaning up a few typos.


  • Readme and content changes.


  • Fixed CloudProxy status when behind a CDN.
  • New calls to API v2.
  • Code cleanup.


  • Improved messaging.


  • Added support for the new servers and naming we have.


  • Adding filters + new API url.


  • Adding pagination to the results.


  • A few more audit logs improvements.


  • Adding more details on the caching type and audit logs.


  • Fixed some typos.


  • Added option to allow the user to clear their CloudProxy caching.
  • Added listing of the latest audit log entries.


  • First version.