I install this plugin and weeks later one of the sites I manage gets hacked and random text is entered on pages... Nothing else.
1. The Sucuri plugin (and all others) stayed untouched, not been deactivated, not been deleted, what an ethical hacker...
2. The IP of the login was not hidden, it came from Wenzhou China (yeah right...).
3. The hack was logged and recorded... the hacker didn't even bother to delete his traces, with the exact pages that were affected. For someone who brute force attacked the server for weeks in a row (and still trying as I type this review)... this hack is just insanely fake.
4. Only admin got hacked, nobody else... and admin is not even called admin. How could the hacker know the exact username of admin?
5. This site is part of a whole WordPress network with about 10 well visited sites in it, the hacker could and SHOULD have added his spam to the whole network if he really was in there to put spam.
Here is the list of every IP address that is trying to attack... do you get a similar list? Please let me know if you do.
This is not really a plugin as such - it does very little. It is merely a vehicle to try and get you to purchase their actual plugin for a ridiculous amount of money.
The description say "The best part, its completely free". That's not the case. plan are as high as $300 a year and as low as $89. There are no free versions.
I would give zero stars for misleading me if I could.
it just scanner ... nothing else ...
My site was infected by malware 6 months ago. The Sucuri plugin didn't even detect it; its only contribution was to tell me I was blacklisted (which I knew already because of an email from Google Webmaster Tools.) But Wordfence told me exactly what was going on, and where.
Removed the spyware and was able to get off Google blacklist within 48 hours.
Yet 6 months later, this plugin still shows me on the Google blacklist. (And I promise you: it just ain't on there.)
The same has since held true for several of my sites. Sucuri doesn't detect the attack shell at ALL, and then keeps telling me I'm on a blacklist, long after the fact.
I will say I like the "one-click hardening" (assuming it's doing something), but thanks to plugins like Better WP Security and Wordfence, I haven't gotten hacked since.
Bottom line: This may be a great plugin, and some people seem to love it, but as far as I can tell this is 90% an ad for Sucuri's malware removal service, and otherwise a lackluster plugin at best.
If it can't detect the presence of an attack shell on a WP platform, then uh ... what exactly is it?
(To clarify, it HAS successfully detected them AFTER a Google blacklist, but Wordfence has found the SAME shell BEFORE a blacklist; leading me to believe Sucuri may rely on a blacklist report from Google to generate its "results," which isn't the same as what Wordfence is doing: keeping me off the blacklist in the first place.)
Apologies if I'm wrong.
You must log in to submit a review. You can also log in or register using the form near the top of this page.