Sucuri Inc is a globally recognized authority in all matters related to\nwebsite security, with specialization in WordPress Security.<\/p>\n\n
The Sucuri Security Website Firewall(CloudProxy)<\/a> product is a Cloud-based\nWebsite Application firewall (WAF) and Intrusion Prevention System (IPS)\nproviding everyday website owners Enterprise class security at an affordable\ncost. This security plugin extends the management of the Website Firewall,\nmaking it available to you in your WordPress dashboard. All security features\nare not available in this plugin and for a complete list of the security\nfeature, and its management, visist your Sucuri Security Dashoard<\/a>.<\/p>\n\n This security plugin performs it's security hardening remotely via a service\nso it does not contain any additional hardening, it employs a number of\nfeatures like virtual hardneing and patching that provide all the security\nhardening your website requires. Additionally, the security hardening is\nperformed off your web server, alleviating the load that attacks place on your\nexisting webserver resources. This service only available via a paid\nsubscription of the Sucuri Website Firewall<\/a> product.<\/p>\n\n The Sucuri Website Firewall (CloudProxy) product offers you enterprise class perimeter security \nfor your website, addressing some of the biggest issues WordPress websites face in regards to security.<\/p>\n\n This WordPress Security plugin can be used in conjunction with other plugins.\nIt does not replace the Sucuri Security - Auditing, Malware Scanner and\nHardening plugin<\/a>. The features\nfound in this plugin have been integrated into that plugin, installing it will\nremove this plugin and wrap everything into one toolset.<\/p>\n\n Some of the security issues this product protects your website includes:<\/p>\n\n A few features of the Sucuri Security Website Firewall product deserve special\nattention for the added value website owners get. They include:<\/p>\n\n Denial of Service (DoS\/DDoS) attacks are not new, but are growing in popularity.\nThe introduction of new booster services, that allow any online users\nto pay someone else to attack someone elses website, have created an influx of\nDoS attacks. They range in scale and impact, but often the impact of such an\nattack is simple - to bring your website down. Kill it's availability and make\nsure that your visitors are unable to access the website.<\/p>\n\n This is especially true if you are leveraging shared server space, this often\nmeans the resources allocated to your one website are marginal and any influx\nin traffic could completely disable your websites performance. If the problem\npersits, you run the risk of getting kicked off your hosts environment.<\/p>\n\n This is a serious issue in WordPress security. There was a time where many\nperceived this to be an impossibility due to challenges in networks, that is\nno longer the case. Technology has made it so that the latency that was once\nintroduced via networks is no longer the bottlekneck.<\/p>\n\n Brute Force attacks are a security threat that every website owner must be\nmindful of. It's an act in which the attacker attempts to continously\npenetrate your environment, using a variety of attempts with varying username\n\/ password combination in an effort to gain entry. With the hopes that they\nwill get lucky. This can be achieved with other security plugins, but\nattackers continue to develop evasive techniques to bypass security plugins\nthat live an operate at the application layer of your website.<\/p>\n\n This security protection takes place at the edge, offloading the attack from\nyour web server and providing you optimal website security.<\/p>\n\n This is one of the neatest features our product has to offer. Our research\ninto vulnerabilities has led to some of the largest security disclosures in\n2014 pertaining to software security vulnerabilities. This has affected some\nof the largest brands to inlcude the MailPoet Newsletter plugin, All-in-One\nSEO plugin, RevSlider plugin, and many more.<\/p>\n\n Vulnerabilty exploitation is a big issue today for website owners leveraging\nthe WordPress platform. It is easy to install WordPress, even easier to find a\nplugin that performs a specific function, but often the last thought a website\nowner has is around the security of the code they are putting into their\nwebsite. It's also impossible for the website owner to know whether the code\nis good or bad, or what to do if it's bad but still offers the feature they\nare interested in.<\/p>\n\n Being able to stop attackers from exploiting these security weaknesses is\nimperative for website owners.<\/p>\n\n A malware issue is a security event in which Malicious Software (Malware) has\nbeen injected into your website. It often comes in the form of a\ndrive-by-download or something equivalent in which your website is used as a\nspring board to attack your visitors. Imageine for a moment that someone\nvisiting your website, trusts that your security is top-notch, and gets their\nlocal machine hacked.<\/p>\n\n The attacker then proceeds to steal all their credentials (i.e., emails,\nsocial media account, financial institutions). This user has now lost their\nlife savings and is unable to pay their bills while the matter gets resolved,\nwhich can take months if not years.<\/p>\n\n This is the reality of the pain malware introduces.<\/p>\n\n This is a very unqiue security feature that allows our security team to\nrespend immediately when a new security incident is released. Zero day events\noccur all the time, they are events that are released for public consumption\nbut have no existing solutions in place. This happens when an attacker\nidentifies a potentially big issue and is interested in watching it all burn.\nWhen this happens your website is left to it's own devices to implement a\nsolution that addresses the problem, if you don't implement it in time or\nadequately you run the risk of getting compromised.<\/p>\n\n With this security feature, Sucuri is able to proactively protect your website\nwithin minutes of a security event, like a Zero Day, being released to the\nworld. Example of this at work include the recent Bash vulnerabilities, and\nmany of the software vulnerabilities mentioned above (i.e., RevSlider,\nMailpoet, etc...).<\/p>\n\n You can read more about some of the features here: Sucuri Security - Website Firewall (CloudProxy)<\/a><\/p>\n\n Update-to-date pricing and features can always be found on the Plans &\nPricing<\/a> page.<\/p>\n\n Make note that this plugin requires the purchase of the Sucuri Security\nWebsite Firewall (CloudProxy) security product. To attain this product you\nmust signup via the Website Firewall purchase page<\/a>.<\/p>\n\n Once that is done, you can enable this plugin by following these steps:<\/p>\n\n You will want to log into your WordPress administration panel - (e.g.,\nhttp:\/\/yourdomain\/wp-admin)<\/p><\/li>\n Navigate to Plugins Menu<\/strong> option in your WordPress\nadministration panel<\/p><\/li>\n Select Add New<\/strong><\/p><\/li>\n Type Sucuri<\/strong> in the Search<\/strong> box, and click\nSearch<\/strong> plugins.<\/p><\/li>\n The first option you get should be for Sucuri Security - Website\nFirewall (CloudProxy<\/strong><\/p><\/li>\n Select Install Now<\/strong><\/p><\/li>\n Now choose to Activate<\/strong> the plugin.<\/p><\/li>\n Log into your Sucuri Security dashboard<\/a>.<\/p><\/li>\n Click on the CloudProxy Website Firewall<\/strong> menu option.<\/p><\/li>\n Select settings<\/strong> for the configured website (i.e., next to\nyour website the states should read Activated) and select API.<\/p><\/li>\n Copy the API Key: [randomly generated string]<\/strong>.<\/p><\/li>\n Return to your WordPress administration panel.<\/p><\/li>\n Click on the Sucuri WAF<\/strong> menu option in your WP\nadminstration panel.<\/p><\/li>\n Paste the API Key into the input box next to CloudProxy API\nkey<\/strong>.<\/p><\/li>\n Click Update API Key<\/strong>.<\/p><\/li>\n Sit back and enjoy!!!<\/p><\/li>\n<\/ol>\n\n\n It is the only enterprise class Website Application Firewall (WAF) designed\nfor WordPress users. It is a true WAF providing real-time protection, where\nother plugins are reactive and depend on disclosures before protecting your\nwebsite. It also uses a state of the art whitelist application profiling\nmodel, contrary to traditional blacklisting WAF systems.<\/p><\/dd>\n No. It will actually improve the performance of your website.<\/p><\/dd>\n It's currently set to update on a weekly \/ bi-weekly basis, depending on a\nvariety of factors. We reserve to update more or less frequently, it's\ndependent on operational needs. Bug \/ security fixes always take priority.<\/p><\/dd>\n In order to use this plugin you require a paid subscription so to get support\nyou can log into your Sucuri Security dashboard and submit a\nticket<\/a>.<\/p><\/dd>\n Existing users should feel free to make use of our open Knowledge Base<\/a>.<\/p>\n\n For potential users we recommend starting on the Sucuri Security Website Firewall product page<\/a><\/p><\/dd>\n\n
Denial of Service (DDOS) Security Mitigation<\/h4>\n\n
Brute Force Protection<\/h4>\n\n
Vulnerability Security Exploitation Prevention<\/h4>\n\n
Malware Prevention<\/h4>\n\n
Zero Day Immediate Response<\/h4>\n\n
Credits<\/h3>\n\n
\n
\n
\n