Support » Plugin: Sucuri Security - Auditing, Malware Scanner and Security Hardening » Doesn't always work & shows blacklist a long time after cleaning

  • My site was infected by malware 6 months ago. The Sucuri plugin didn’t even detect it; its only contribution was to tell me I was blacklisted (which I knew already because of an email from Google Webmaster Tools.) But Wordfence told me exactly what was going on, and where.

    Removed the spyware and was able to get off Google blacklist within 48 hours.

    Yet 6 months later, this plugin still shows me on the Google blacklist. (And I promise you: it just ain’t on there.)

    The same has since held true for several of my sites. Sucuri doesn’t detect the attack shell at ALL, and then keeps telling me I’m on a blacklist, long after the fact.

    I will say I like the “one-click hardening” (assuming it’s doing something), but thanks to plugins like Better WP Security and Wordfence, I haven’t gotten hacked since.

    Bottom line: This may be a great plugin, and some people seem to love it, but as far as I can tell this is 90% an ad for Sucuri’s malware removal service, and otherwise a lackluster plugin at best.

    If it can’t detect the presence of an attack shell on a WP platform, then uh … what exactly is it?

    (To clarify, it HAS successfully detected them AFTER a Google blacklist, but Wordfence has found the SAME shell BEFORE a blacklist; leading me to believe Sucuri may rely on a blacklist report from Google to generate its “results,” which isn’t the same as what Wordfence is doing: keeping me off the blacklist in the first place.)

    Apologies if I’m wrong.

Viewing 3 replies - 1 through 3 (of 3 total)
  • Trying to change it to 2 stars, but apparently I can edit the text, but not the rating. But since all the other reviews are 5 stars, I guess it’s not the end of the world. Let this serve as my meager two cents.

    Hi pata1, this is likely because it was a conditional malware. SiteCheck is scanning the site remotely, not from the file system like Wordfence does for core files.

    The Sucuri SiteCheck scanner which is the API the plugin scans through will check the code on the URL you give it, plus anything linked to that. If you’re running an application like WordPress or Joomla that has infected files but they are not served during a page request, we cannot see the infection remotely. In terms of this plugin, it uses SiteCheck to check the site URL so this fully applies.

    The most accurate way to check for malware is of course checking files directly, the only way to do that is to be inside of your file system which is not what the plugin does. It uses definitions from a remote source to check the output of your site as it is rendered.

    Hope this helps clarify.


    It might be worth bumping this up to five stars now, since they have rolled the functionality you were missing into this plugin in a recent release.

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Doesn't always work & shows blacklist a long time after cleaning’ is closed to new replies.