Sucuri Security – Auditing, Malware Scanner and Security Hardening

Description

Sucuri is a globally recognized authority in all matters related to
website security, with specialization in WordPress Security.

The Sucuri Security WordPress Security plugin is free to all WordPress users.
It is a security suite meant to complement your existing security posture with
seven key security features:

  1. Security Activity Audit Logging
  2. File Integrity Monitoring
  3. Remote Malware Scanning
  4. Blacklist Monitoring
  5. Effective Security Hardening
  6. Post-Hack Security Actions
  7. Security Notifications

Security Activity Audit Logging

This is perhaps the most underutilized security function. It’s the act of
monitoring all security related events within your WordPress site. The
challenge is, what makes up a security event. In the eyes of Sucuri, any
change that occurs within the application could be categorized as a security
event, as such we try to record it.

This is important because it allows you, the website owner, the ability keep a
good eye on the various changes occurring within your environment. Who is
logging in? What changes are being made?

This feature is logging all activity to the Sucuri cloud, for safe keeping.
This ensures that an attacker is not able to wipe your forensic data and
prevent further security analysis after a compromise. If an attacker is able
to bypass your security controls, your security logs will be kept safe within
the Sucuri Security Operations Center (SOC).

This feature is particularly important to website / system administrators and
security experts looking to understand what is going on with their website and
when it’s happening.

Security File Integrity Monitoring

Security File Integrity Monitoring has been fundamental to the world of
security. It’s the act of comparing a known good with the current state. If
the current state differs from the known good, you know you have a problem.
This is the basis of a lot of host Intrusion detection systems. It’s what we
have built into the plugin.

It will create a known good the minute the plugin is
installed. This will be of all the directories at the root of the install,
this includes plugins, themes and core files.

Here is a video of the Security File Integrity Monitoring feature:

Remote Malware Scanning

This feature is powered by our very powerful scanning engine, found on our
free security scanner – SiteCheck. It’s
important to take some time to
understand how this scanner works
.

Here is a video of the Remote Security Malware Scanning feature:

There are limitations with the way this scanner works, you can find more info
in that in the FAQ section.

Security Blacklist Monitoring

Another very interesting feature of the Security Malware Scanner is that it
incorporates various blacklist engines. Security blacklist engines include the
following:

  1. Sucuri Labs
  2. Google Safe Browsing
  3. Norton
  4. AVG
  5. Phish Tank
  6. ESET
  7. McAfee Site Advisor
  8. Yandex
  9. SpamHaus
  10. Bitdefender

These are some of the largest blacklisting entities, each having the ability
to directly impact your brands online reputation. By synchronize with their
environments we’re able to tell you, upon scan, whether any of them are
negatively flagging your website with a security related issue.

If they do, then via our Website AntiVirus product, we’re able to help you get
off the their security blacklist.

Effective Security Hardening

It’s easy to get lost in the world of security hardening. At Sucuri we clean
100’s of websites a day, many with the various security hardening
configurations you find in various WordPress Security presentations. In this
section, we add those that we feel to be most effective, and that complement
the entire Sucuri suite of products.

Here is a video of the Effective Security Hardening feature:

Post-Hack Security Actions

Regardless of how good your security posture is, sometimes it’s impossible to
prevent the inevitable. When this happens, we’ve included a section to help
you walk through the three key things you should do after a compromise.

Here is a video of the Post-Hack Security Actions feature:

Security Notifications

Having all these security features would be useless unless you were notified
of the issues. This is why we have made available security notifications. We
have also expanded the various security related events, to provide website
owners more flexibility in regards to what they want to know about. As a
website owner, you have the option to make these security alerts as quiet or
noisy as you would like.

Sucuri CloudProxy Website Firewall (Add On Security Service)

This is by far the coolest security feature Sucuri has to offer everyday
website owners. It’s an enterprise grade Website Firewall known as CloudProxy.
It is designed to give you the best security protection any website can hope
for. It protects your website from a variety of website attacks and security
events to include:

  1. Denial of Service (DOS / DDOS) Attacks
  2. Exploitation of Software Vulnerabilities
  3. Zero Day Disclosure Patches
  4. Brute Force Attacks against your Access Control Mechanisms

This is coupled with a number of features like:

  1. Performance Optimization
  2. Advanced Access Control Features
  3. Failover and Redundancy

This is not included as a free option to the plugin, but is
integrated so that if purchased you are able to activate. If you prefer to
leverage the Sucuri Firewall (CloudProxy) product by itself,
you have the option to operate the
Website Firewall WordPress Security
plugin in standalone mode.

The Sucuri Security WordPress Security plugin is built by the team that is
known for their proactive approach to security. It is built using intelligence
gathered from thousands upon thousands of remediation cases, millions of
unique domain scans and 10’s of millions of website security attack blocks.

Credits

Installation

The installation of the Sucuri WordPress Security plugin is very
simple and straight forward. A detailed
breakdown of the process is available, including images,
below however we
outline the bare minimum steps.

Here is a quick video walking you through the installation and configuration of the Sucuri WordPress Security plugin:

To install Sucuri and complement your Security posture:

  1. You will want to log into your WordPress administration panel – (e.g.,
    https://yourdomain/wp-admin)

  2. Navigate to Plugins Menu option in your WordPress
    administration panel

  3. Select Add New

  4. Type Sucuri in the Search box, and click
    Search plugins.

  5. The first option you get should be for Sucuri Security – Auditing,
    Malware Scanner and Hardening

  6. Select Install Now

  7. Now choose to Activate the plugin.

  8. Once activated, you will need to create an API key, this is done
    automatically for you. Simply click on Generate API Key for
    XXXXXX

  9. Once the API key is generated the page will redirect you to your dashboard
    and the plugin is automatically configured for you.

To configure the Sucuri WordPress Security plugin for your specific Security
needs:

  1. Navigate to the Sucuri Security menu option (left hand
    side).

  2. Hover or click on the name.

  3. Click on Settings

The Settings page allows you to configure the website to your
preferred security needs. Some of it’s features include changing the email
notifications, via the notification settings tab or disabling
integrity checking. We encourage you to visit this section and tune your
security needs as you see fit.

FAQ

More information can be found on the the Sucuri Security WordPress Security
plugin via our free Knowledge Base.

What does this plugin do that other WordPress security plugins don’t do?

A few other security plugins provide activity monitoring features, but few do
them well. The activity monitoring in this plugin is second to none, tying the
activity into the Sucuri Security Operations Center (SOC) ensuring it’s safe
keeping.

This security plugin also takes a different approach to security plugins,
stripping it of what we categorize as unnecessary features for a basic website
end-user. We’ve narrowed the key features we felt were most pertinent to any
website owner and integrated them into this plugin.

If I install the Sucuri plugin do I get a Sucuri account?

No, this is a free plugin that we offer at no charge. It does not mean you get a free account.

If I have the premium plugin, do I need the Free plugin?

The free plugin will be replacing the Premium plugin in the coming weeks.
Eventually, there will only be one plugin. If you have the premium plugin, and
install the free version, the free version will overwrite the premium version.

Do I still need Sucuri’s products if I have this plugin?

Yes. This plugin compliments your existing security toolsets. It is not
designed to replace the Sucuri AntiVirus or Firewall products.

Where do I get support for this plugin?

The best place is to engage us via the Support Forum. If
you are a client,
<a href=“https://support.sucuri.net/support/?new”you can
submit a ticket here.

Does your plugin conflict with WordFence?

The plugin does not, but there might be issues with our scanners. If you get
an “Unable to Properly Scan Your Site” It’s likely because the WordFence
plugin is blocking our scanner as an invalid crawler.

You would have to white list our IP address on the WordFence dashboard.

What are the Remote Security Malware Scanning Limitations?

Because the security malware scanner is remote, it is unable to see things
that are on the server but that are not displaying on the browser. If you are
interested in this, we encourage you to subscribe to our Website AntiVirus
product.

This issues includes things like Phishing pages, Backdoors, Mailer Scripts,
etc…

Your plugin didn’t detect this malware?

This happens, reference the Remote scanner limitations above. This should not
be confused with our Website AntiVirus product. If you have malware, and you
are a client, submit a ticket so that we can help you get
clean.

If you are not a client, and you want to share what you have found please send
it to labs@sucuri.net.

The plugin is not performing application level malware / security scanning so
this is not uncommon.

Is it free to enable the Website Firewall option?

No, it is not. To enable you must subscribe to the Website Firewall
service
.

Will this plugin impact the performance of my website?

No, it will not.

Do the logs get stored to my database?

No, it does not.

Are there any issues installing your plugin with any hosts?

Not that we are aware of.

Do I need to run this plugin to get the Website Firewall ad-on feature?

No, it is not required. The Website Firewall (CloudProxy) runs in the cloud without
the need of anything installed. This plugin only helps see and manage the
service from the WordPress dashboard.

Reviews

Absolutely Necessary

I install this on every client’s WordPress installation. It’s an absolute necessity and has saved the proverbial bacon more times than I can remember.

Works

Works except that the plugin won’t remember the API key every time I log in.

Read all 253 reviews

Contributors & Developers

“Sucuri Security – Auditing, Malware Scanner and Security Hardening” is open source software. The following people have contributed to this plugin.

Contributors

Changelog

1.8.3

  • Fixed fatal error when PHPMailer failed
  • Fixed incorrect selected value in settings
  • Fixed kb links and content.
  • Added SiteCheck for arbitrary domain
  • Various code cleanup

1.8.2

  • Modified logic of the settings in database checker
  • Modified default value for the available updates alerts
  • Fixed undefined array and object keys in audit logs
  • Fixed incompatibilities with foreign API service responses
  • Added development option to keep using the database
  • Added panel with information about the plugin settings
  • Added conditional to prevent redeclaration of class
  • Fixed cache flush function used to delete datastore

1.8.1

  • Modified default setting for the core integrity alerts
  • Added more files to the core integrity ignore list
  • Fixed support for custom data storage directory
  • Fixed admin notices after changing alert settings
  • Fixed settings and audit logs for the firewall page
  • Fixed regression with clear cache in firewall page

1.8.0

  • Added error message when storage is not writable
  • Fixed option getter to migrate plugin settings if possible
  • Fixed base directory name without PHP DIR constant
  • Fixed user authentication denial when no blocked users
  • Fixed htaccess standard rules checker with no WP_Rewrite

1.7.19

  • Added function to rescue HTTP requests using sockets
  • Fixed mishandled JSON data in audit logs Ajax request
  • Modified list of CloudProxy features and promo video

1.7.18

  • Added options library using external file instead of the database
  • Modified API calls using custom HTTP request using Curl
  • Fixed core files marked as broken in a Windows server
  • Fixed pagination links in last and failed logins page
  • Fixed password with ampersands in email notification
  • Fixed whitelist hardening using the authz_core module
  • Removed unnecessary emails to reduce spam
  • Added constant to stop execution of admin init hooks
  • Added explanation for invalid emails and no MX records
  • Added link to open the form to insert the API key manually
  • Added more options in the IP discoverer setting
  • Added option to configure malware scanner timeout
  • Added option to configure the API communication protocol
  • Added option to reset the malware scanner cache
  • Added scheduled task and email alert for available updates
  • Added tool to block user accounts from attempting a login
  • Added tool to debug HTTP requests to the API services
  • Various minor adjustments and fixes

1.7.17

  • Added API service failback mechanism
  • Added core integrity email on force scan
  • Slight interface redesign
  • Various bugfixes and improvements

1.7.16

  • Fixing a low severity XSS (needs admin access to create it)

1.7.14

  • Added alternative method to send email alerts
  • Added button to reset options with explanation
  • Added suggestion for new users to check plugin settings
  • Allow mark as fixed non-writable core files
  • Fixed display menus items single or network panels
  • Fixed handle boolean values in PHP config retrieval
  • Fixed non-standard content location in core integrity
  • Fixed user identifier as integer on password reset
  • Modified css and js files to reduce size
  • Modified do not load resources on hidden sidebar
  • Modified fully redesign of general settings page
  • Modified hide update warning if versions are the same
  • Modified wording of post-types alert settings
  • Removed ellipsis of long IPv6 addresses in last logins
  • Removed unnecessary dns lookups in infosys page
  • Removed unnecessary monospace fonts in settings status
  • Removed unnecessary ssl verification option processor

1.7.13

  • Fixed issue affecting site performance
  • Fixed clear hardening of previous versions
  • Modified report and block non-processable ajax actions
  • Added configure DNS lookups for reverse proxy detection
  • Added option to configure comment monitor and logs
  • Added option to configure the XHR monitor and logs

1.7.12

  • Improved hardening options
  • Added more logging events
  • Various bugfixes and improvements

1.7.11

  • Reverted change for CloudProxy detection to protect legacy users

1.7.10

  • Added better checks for SSL issues
  • Fix for audit log timezones
  • Various bugfixes and improvements

1.7.9

  • Improved reinstallation process
  • Updated sidebar banners
  • Various bugfixes and improvements

1.7.8

  • Fixed bug on the secret keys hardening.

1.7.7

  • Added better support for directory separators
  • Added option to remove API key from plugin
  • Various bugfixes and improvements

1.7.6

  • Added audit log reporting.
  • Added more settings for better control.
  • Added support for more actions.
  • Improved multisite support.
  • Added support for reverse proxies.
  • Various bugfixes and improvements.

1.7.5

  • Added better handling of API responses of remote scanner.

1.7.4

  • Added option for keeping failed logins until the user removes them.
  • Bugfixes for user reported issues.

1.7.3

  • Error log panel.
  • Various bug fixes.

1.7.2

  • Messaging and FAQ updates.

1.7.1

  • Fixed remote scanning that was not loading automatically on some installs.

1.7.0

  • Added Hardening option to remove error log files
  • Bug fixes on some new registrations.
  • Changed format of the internal logs to json.

1.6.9

  • Multiple bug fixes (as reported on the support forums).
  • Added heartbeat for the file scans.
  • Code cleanup.

1.6.8

  • Fixing interface.

1.6.7

  • Added Support for integrity checks on i18n installations.
  • Fixed the setting change bug.

1.6.6

  • Internal code cleanup and re-organization.
  • More white lists for the integrity checks.
  • Additional settings to customize some of the warnings.

1.6.5

  • Fixed integrity checking display.

1.6.4

  • Fixed API generation bug.

1.6.3

  • Added proper brute force alerts.
  • Added option to restrict number of emails.
  • Added more description to the emails.
  • Added a list of failed login attempts inside the last login tab.

1.6.2

  • Setting a maximum number of emails per hour.
  • Fixing typos.

1.6.1

  • Initial release with new auditing options.

1.6.0

  • A new dashboard to welcome users to the new features of the plugin.
  • Overall design of the interface of all the pages were modified.
  • SiteCheck scanner results were filled with more information.
  • SiteCheck scanner results markers when the site is infected/clean.
  • System Info page were simplified with tabulation containers.
  • Integrity check for administrator accounts was optimized.
  • Integrity check for outdated plugins/themes was optimized and merged.
  • IPv6 support in last logins statistics.

1.5.7

  • WordPress 3.9 compatibility

1.5.6

  • Added IPv6 support.
  • Fixed links and messaging.

1.5.5

  • Added list of logged in users.
  • Added system page.
  • Change the integrity checking to use WP API.

1.5.4

Bug fixes.

1.5.2

  • Adding additional information about .htaccess hacks and the server
  • environment.

1.5.0

  • Fixing last login and giving better warns on permission errors.
  • Making the integrity check messages more clear.

1.4.8

  • New and clean design for the scan results.
  • Adding a web firewall check on our hardening page.

1.4.7

  • Cleaning up the code a bit.
  • Only displaying last login messages to admin users.
  • Storing the logs into a log file instead of the db.

1.4.6

  • Increasing last login table to the last 100 entries.

1.4.5

  • Fixing some issues on the last login and allowing the option to disable it.

1.4.4

  • Small bug fixes + forcing a re-scan on every scan attempt (not using the
  • cache anymore).

1.4.3

  • Fixing a few PHP warnings.

1.4.2

  • Fixing a few PHP warnings.

1.4.1

  • Small bug fixes.
  • Adding last IP to the last login page.

1.4

  • Added post-hack options (reset all passwords).
  • Added last-login.
  • Added more hardening and the option to revert any hardening done.

1.3

  • Removed some PHP warnings and code clean up.
  • Added WordPress integrity checks.
  • Added plugin/theme/user checks.

1.2.2

  • Tested on WP 3.5.1

1.2.1

  • Tested on WP 3.5-RC4
  • Style changes

1.2

  • Cleared PHP warnings
  • Added /inc directory
  • Added /lib directory
  • Logo added
  • Default stylesheet added
  • Header area added
  • Sidebar area added
  • Restyled 1-click hardening page
  • Removed old malware page

1.1.7

  • Tested on WP 3.5-RC3.

1.1.6

  • Upgrading for WP 3.3.

1.1.5

  • Removed PHP warnings / code cleaning.

1.1.3

  • Cleaning up the results.
  • Added 1-click hardening.

1.1.2

  • First release that is good to be used (debugging code removed).

1.1.1

  • First public release.