WordPress.org

Plugin Directory

Sucuri Security - Auditing, Malware Scanner and Security Hardening

The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.

1.8.1

  • Modified default setting for the core integrity alerts
  • Added more files to the core integrity ignore list
  • Fixed support for custom data storage directory
  • Fixed admin notices after changing alert settings
  • Fixed settings and audit logs for the firewall page
  • Fixed regression with clear cache in firewall page

1.8.0

  • Added error message when storage is not writable
  • Fixed option getter to migrate plugin settings if possible
  • Fixed base directory name without PHP DIR constant
  • Fixed user authentication denial when no blocked users
  • Fixed htaccess standard rules checker with no WP_Rewrite

1.7.19

  • Added function to rescue HTTP requests using sockets
  • Fixed mishandled JSON data in audit logs Ajax request
  • Modified list of CloudProxy features and promo video

1.7.18

  • Added options library using external file instead of the database
  • Modified API calls using custom HTTP request using Curl
  • Fixed core files marked as broken in a Windows server
  • Fixed pagination links in last and failed logins page
  • Fixed password with ampersands in email notification
  • Fixed whitelist hardening using the authz_core module
  • Removed unnecessary emails to reduce spam
  • Added constant to stop execution of admin init hooks
  • Added explanation for invalid emails and no MX records
  • Added link to open the form to insert the API key manually
  • Added more options in the IP discoverer setting
  • Added option to configure malware scanner timeout
  • Added option to configure the API communication protocol
  • Added option to reset the malware scanner cache
  • Added scheduled task and email alert for available updates
  • Added tool to block user accounts from attempting a login
  • Added tool to debug HTTP requests to the API services
  • Various minor adjustments and fixes

1.7.17

  • Added API service failback mechanism
  • Added core integrity email on force scan
  • Slight interface redesign
  • Various bugfixes and improvements

1.7.16

  • Fixing a low severity XSS (needs admin access to create it)

1.7.14

  • Added alternative method to send email alerts
  • Added button to reset options with explanation
  • Added suggestion for new users to check plugin settings
  • Allow mark as fixed non-writable core files
  • Fixed display menus items single or network panels
  • Fixed handle boolean values in PHP config retrieval
  • Fixed non-standard content location in core integrity
  • Fixed user identifier as integer on password reset
  • Modified css and js files to reduce size
  • Modified do not load resources on hidden sidebar
  • Modified fully redesign of general settings page
  • Modified hide update warning if versions are the same
  • Modified wording of post-types alert settings
  • Removed ellipsis of long IPv6 addresses in last logins
  • Removed unnecessary dns lookups in infosys page
  • Removed unnecessary monospace fonts in settings status
  • Removed unnecessary ssl verification option processor

1.7.13

  • Fixed issue affecting site performance
  • Fixed clear hardening of previous versions
  • Modified report and block non-processable ajax actions
  • Added configure DNS lookups for reverse proxy detection
  • Added option to configure comment monitor and logs
  • Added option to configure the XHR monitor and logs

1.7.12

  • Improved hardening options
  • Added more logging events
  • Various bugfixes and improvements

1.7.11

  • Reverted change for CloudProxy detection to protect legacy users

1.7.10

  • Added better checks for SSL issues
  • Fix for audit log timezones
  • Various bugfixes and improvements

1.7.9

  • Improved reinstallation process
  • Updated sidebar banners
  • Various bugfixes and improvements

1.7.8

  • Fixed bug on the secret keys hardening.

1.7.7

  • Added better support for directory separators
  • Added option to remove API key from plugin
  • Various bugfixes and improvements

1.7.6

  • Added audit log reporting.
  • Added more settings for better control.
  • Added support for more actions.
  • Improved multisite support.
  • Added support for reverse proxies.
  • Various bugfixes and improvements.

1.7.5

  • Added better handling of API responses of remote scanner.

1.7.4

  • Added option for keeping failed logins until the user removes them.
  • Bugfixes for user reported issues.

1.7.3

  • Error log panel.
  • Various bug fixes.

1.7.2

  • Messaging and FAQ updates.

1.7.1

  • Fixed remote scanning that was not loading automatically on some installs.

1.7.0

  • Added Hardening option to remove error log files
  • Bug fixes on some new registrations.
  • Changed format of the internal logs to json.

1.6.9

  • Multiple bug fixes (as reported on the support forums).
  • Added heartbeat for the file scans.
  • Code cleanup.

1.6.8

  • Fixing interface.

1.6.7

  • Added Support for integrity checks on i18n installations.
  • Fixed the setting change bug.

1.6.6

  • Internal code cleanup and re-organization.
  • More white lists for the integrity checks.
  • Additional settings to customize some of the warnings.

1.6.5

  • Fixed integrity checking display.

1.6.4

  • Fixed API generation bug.

1.6.3

  • Added proper brute force alerts.
  • Added option to restrict number of emails.
  • Added more description to the emails.
  • Added a list of failed login attempts inside the last login tab.

1.6.2

  • Setting a maximum number of emails per hour.
  • Fixing typos.

1.6.1

  • Initial release with new auditing options.

1.6.0

  • A new dashboard to welcome users to the new features of the plugin.
  • Overall design of the interface of all the pages were modified.
  • SiteCheck scanner results were filled with more information.
  • SiteCheck scanner results markers when the site is infected/clean.
  • System Info page were simplified with tabulation containers.
  • Integrity check for administrator accounts was optimized.
  • Integrity check for outdated plugins/themes was optimized and merged.
  • IPv6 support in last logins statistics.

1.5.7

  • WordPress 3.9 compatibility

1.5.6

  • Added IPv6 support.
  • Fixed links and messaging.

1.5.5

  • Added list of logged in users.
  • Added system page.
  • Change the integrity checking to use WP API.

1.5.4

Bug fixes.

1.5.2

  • Adding additional information about .htaccess hacks and the server
  • environment.

1.5.0

  • Fixing last login and giving better warns on permission errors.
  • Making the integrity check messages more clear.

1.4.8

  • New and clean design for the scan results.
  • Adding a web firewall check on our hardening page.

1.4.7

  • Cleaning up the code a bit.
  • Only displaying last login messages to admin users.
  • Storing the logs into a log file instead of the db.

1.4.6

  • Increasing last login table to the last 100 entries.

1.4.5

  • Fixing some issues on the last login and allowing the option to disable it.

1.4.4

  • Small bug fixes + forcing a re-scan on every scan attempt (not using the
  • cache anymore).

1.4.3

  • Fixing a few PHP warnings.

1.4.2

  • Fixing a few PHP warnings.

1.4.1

  • Small bug fixes.
  • Adding last IP to the last login page.

1.4

  • Added post-hack options (reset all passwords).
  • Added last-login.
  • Added more hardening and the option to revert any hardening done.

1.3

  • Removed some PHP warnings and code clean up.
  • Added WordPress integrity checks.
  • Added plugin/theme/user checks.

1.2.2

  • Tested on WP 3.5.1

1.2.1

  • Tested on WP 3.5-RC4
  • Style changes

1.2

  • Cleared PHP warnings
  • Added /inc directory
  • Added /lib directory
  • Logo added
  • Default stylesheet added
  • Header area added
  • Sidebar area added
  • Restyled 1-click hardening page
  • Removed old malware page

1.1.7

  • Tested on WP 3.5-RC3.

1.1.6

  • Upgrading for WP 3.3.

1.1.5

  • Removed PHP warnings / code cleaning.

1.1.3

  • Cleaning up the results.
  • Added 1-click hardening.

1.1.2

  • First release that is good to be used (debugging code removed).

1.1.1

  • First public release.

Requires: 3.2 or higher
Compatible up to: 4.5.4
Last Updated: 3 months ago
Active Installs: 200,000+

Ratings

4.6 out of 5 stars

Support

10 of 19 support threads in the last two months have been marked resolved.

Got something to say? Need help?

Compatibility

+
=
Not enough data

1 person says it works.
0 people say it's broken.

100,1,1 100,1,1
100,1,1
100,1,1 100,1,1 50,2,1 50,2,1
100,1,1
100,2,2
100,1,1
100,3,3
100,2,2
0,3,0 100,1,1 40,5,2
100,1,1
100,2,2
100,3,3
100,1,1 100,4,4
100,1,1
100,2,2
100,2,2 100,2,2 100,4,4 100,1,1 100,2,2
100,3,3 100,2,2 100,3,3
100,7,7 100,3,3 100,3,3 100,6,6
100,1,1 100,2,2
100,5,5 100,2,2
100,2,2 100,1,1 100,1,1
100,2,2 100,1,1
100,1,1 100,1,1 100,5,5
100,1,1 100,1,1
100,1,1
100,2,2
83,6,5 100,1,1
75,4,3
100,3,3
100,1,1
100,1,1
75,4,3
100,1,1
100,1,1
100,1,1 0,1,0
75,4,3
100,1,1