WordPress.org

Plugin Reviews

Sucuri Security - Auditing, Malware Scanner and Security Hardening

The Sucuri WordPress Security plugin is a security toolset for security integrity monitoring, malware detection and security hardening.

8 reviews
Average Rating
4.6 out of 5 stars
You are currently viewing the reviews that provided a rating of 1 star.
It got hacked
By ,

This plugin got hacked on our site.

Didn't work at all
By , for WP 4.4.2

I used the malware scan on a website that was known to be infected and it didn't find anything on the website.

There were files uploaded to the server and all pages/posts in the website had dangerous JavaScript added, and this plugin said the website was completely safe.

HORRIBLE
By , for WP 4.4

Won't show me the malware when I try and view, and all they offer is full yearly subscriptions - waste of time and not a good plugin - they make you have to upgrade

good plugin but...
By , for WP 4.3

I install this plugin and weeks later one of the sites I manage gets hacked and random text is entered on pages... Nothing else.

1. The Sucuri plugin (and all others) stayed untouched, not been deactivated, not been deleted, what an ethical hacker...
2. The IP of the login was not hidden, it came from Wenzhou China (yeah right...).
3. The hack was logged and recorded... the hacker didn't even bother to delete his traces, with the exact pages that were affected. For someone who brute force attacked the server for weeks in a row (and still trying as I type this review)... this hack is just insanely fake.
4. Only admin got hacked, nobody else... and admin is not even called admin. How could the hacker know the exact username of admin?
5. This site is part of a whole WordPress network with about 10 well visited sites in it, the hacker could and SHOULD have added his spam to the whole network if he really was in there to put spam.

Here is the list of every IP address that is trying to attack... do you get a similar list? Please let me know if you do.

Not a plugin
By , for WP 4.1.1

This is not really a plugin as such - it does very little. It is merely a vehicle to try and get you to purchase their actual plugin for a ridiculous amount of money.

IT'S NOT FREE
By , for WP 3.9

The description says "The best part, its completely free". That's not the case. Plans are as high as $300 a year and as low as $89. There are no free versions.

I would give zero stars for misleading me if I could.

It's just a scanner
By , for WP 3.5.2

It's just a scanner ... nothing else ...

Doesn't always work & shows blacklist a long time after cleaning
By , for WP 3.4.2

My site was infected by malware 6 months ago. The Sucuri plugin didn't even detect it; its only contribution was to tell me I was blacklisted (which I knew already because of an email from Google Webmaster Tools.) But Wordfence told me exactly what was going on, and where.

Removed the spyware and was able to get off Google blacklist within 48 hours.

Yet 6 months later, this plugin still shows me on the Google blacklist. (And I promise you: it just ain't on there.)

The same has since held true for several of my sites. Sucuri doesn't detect the attack shell at ALL, and then keeps telling me I'm on a blacklist, long after the fact.

I will say I like the "one-click hardening" (assuming it's doing something), but thanks to plugins like Better WP Security and Wordfence, I haven't gotten hacked since.

Bottom line: This may be a great plugin, and some people seem to love it, but as far as I can tell this is 90% an ad for Sucuri's malware removal service, and otherwise a lackluster plugin at best.

If it can't detect the presence of an attack shell on a WP platform, then uh ... what exactly is it?

(To clarify, it HAS successfully detected them AFTER a Google blacklist, but Wordfence has found the SAME shell BEFORE a blacklist; leading me to believe Sucuri may rely on a blacklist report from Google to generate its "results," which isn't the same as what Wordfence is doing: keeping me off the blacklist in the first place.)

Apologies if I'm wrong.
