Malware Monitoring, Removal and Prevention

Web Integrity Monitoring

Cloud-Based Website Integrity Monitoring

Our scanning feature intelligently crawls and identifies infections across any platform. The scanner leverages internal definitions that are refined daily, external sources, and intelligence to identify both potentially harmful signatures and anomalies that may not be known. This scanner powers Sucuri SiteCheck, our popular free website scanner, and our internal monitoring service.

Every plan includes a number of monitoring options, each of which provides a slew of information that help to determine malicious activity.

Monitoring Services:

Malware Monitoring

On by default for all clients, this option leverages our scanning service to identify malware, SPAM injections, website errors, disabled sites, database connection issues and code anomalies that require special attention.

Our scanner is highly sophisticated and designed to identify a number of different infection types. The monitoring is divided into two unique methodologies. The first is based on remote scans and the second on server level scans.

Remote scans have the ability to detect the following infection types:

  • Obfuscated JavaScript injections
  • Cross Site Scripting (XSS)
  • Website Defacements
  • Hidden & Malicious iFrames
  • PHP Mailers
  • Phishing Attempts
  • Malicious Redirects
  • Backdoors (e.g., C99, R57, Webshells)
  • Anomalies
  • Drive-by-Downloads
  • Social Engineering Attacks
  • SEO Blackhat Spam
  • Pharma Hacks
  • Conditional Redirects
  • Mobile Redirects

Server Side scans are included with all malware removal plans, but must be configured separately. They have the ability to detect these infection types:

  • Phishing Pages
  • Backdoors (e.g., C99, R57, Webshells in various langauges)
  • Code Anomalies
  • Obfuscated Injections

Scanning is most comprehensive when both scan-types are used in unison. Imagine it like your vision. When you use one eye, you aren’t able to see everything in front of you, but opening both eyes allows you to fill in the blind spots.

The remote scanner emulates a subset of user agents and referrers that allow the scanner to treat payloads that present themselves to the end-user’s browser. This is important because it’s how your end-users interact with your website.

The server side scanner is limited because it is not remote (luckily, the remote scanner makes up for that). This scanner is dependent on server level access and has the ability to crawl every file on your server. This makes it ideal for things that don’t present themselves on a client’s browser, things like Backdoors and Phishing files.


This option is set “on” by default for all users. We recommend that it is left active because blacklisting and reasons for blacklist status can be confusing. There are a number of blacklisting authorities that monitor for malware, SPAM, and phishing attempts. Our blacklisting option leverages the APIs for these authorities and insures you’ll that know when your site is hacked:

  • Sucuri
  • Google Safe Browsing
  • Norton
  • AVG
  • Phish Tank (Phishing Specifically)
  • McAfee SiteAdvisor


Whois is an internet directory that provides information on who owns a domain. It is regulated and monitored by the Internet Corporation for Assigned Names and Numbers (ICANN) which is responsible for registration of all domains. This record contains information about the Registrant (the person who owns the domain), the Registrar (the entity that registered the domain), the dates, nameservers and other similar, and important, information.

If at any time the information changes you will be notified.

Domain Name System (DNS)

DNS is a protocol used by all computers to intelligently communicate with each other, it’s part of the TCP/IP protocol suite. Its specific function is to turn a website’s name (, for example) into an internet protocol (IP) address like 123.45.567.891. The name provided by DNS is what we use as humans to read the site name, the IP is what the computers use to communicate.

This monitoring option will monitor the IP address and associated DNS information of your domain for any changes. It’s rare for it to change, but if it does we will notify you.

SSL Certification

If you are using Secure Socket Layer (SSL), a secure protocol to transmit over HTTP securely, you are most likely using a SSL certificate. The SSL certificate is returned to a visitor of your site upon HTTPS request. This certificate often contains your site information and, in some instances, company information.

If using a SSL certificate this option allows you to ensure it doesn’t change unexpectedly, if it does a notification will be sent.

Website Change

This service creates a snapshot of your site and if a change is made you will be notified. Changes that this service track include:

  • New Posts
  • New Pages
  • Content Changes
  • Social Media Changes (Tweets, Likes, etc..)
  • Threaded Messages / Comments

This option is best used with static pages as it can generate a high volume of email notifications.

Search Engine Result Pages (SERP)

One of the hardest things to detect for any website scanner is the state of your website when Google Blacklists it. Those blacklists come in many forms. One such form is by making it apparent to potential website visitors when they return results of a search.

A search engine results page (SERP) is the listing of results returned by a search engine in response to a keyword query. – Wikipedia

This is an example of a clean SERP:


These SERP’s are highly sought after by attackers, it provides them an opportunity to intercept your traffic and make money off your visitors. They exploit those visits by 1) generating impressions on their websites (often Pharmaceutical related pages) and 2) redirecting users to infected websites that try to exploit the client’s desktop environments (i.e., PC, Mac’s, etc…).


    • Sucuri helps me sleep at night knowing that our websites and user data is secure. Over the years, Sucuri has helped us detect and prevent major hack attempts. I recommend Sucuri to all of my clients and users because they offer the most comprehensive and cost effective WordPress security solution. I've done my industry research, and there's no one better than these guys.

      —Syed Balkhi, Founder, WPBeginner


    • Let's be honest: the web can be a scary place sometimes. Having done many a WordPress malware cleanup in my day, I've found Sucuri to do a better job than I ever hoped I could do. Not only are they thorough, but they're fast as heck and affordable to boot. You don't just walk into a bad situation without some protection. Sucuri *is* that protection.

      —Andrew Norcross, Founder & Lead Developer @Reaktiv Studios, WordCamp Speaker

      Reaktiv Studios

    • We partnered with Sucuri for our WordPress migration and dehacking services as their capabilities are significantly more comprehensive than anything we’ve seen in the industry.

      —Brian Clark, CEO of Coppyblogger Media


    • I like to think I know security, but there is only one company I trust when it comes to the security of my websites, that company is Sucuri. They are, in my opinion, hands-down the leader in web-malware protection and cleanup services. Trust the experts, hire these fools!

      —Brad Williams, Co-Founder WebDevStudios, Co-Author Professional WordPress Series


    • When you’re talking about protection for your WordPress site and the things most important to you — your content — you want to trust the experts. There’s really no better choice than the team at Sucuri.

      —Cory J. Miller – Founder / CEO of


    • Before Sucuri we didn’t know that someone was hacked until they told us. (Or actually, when Google blocked their site!) Now we find and fix problems before they even know what’s happening. It’s a Godsend, it’s as simple as possible, and it’s so affordable that quite frankly it’s irresponsible to not use them!

      —Jason Cohen, CEO of WP Engine

      WP Engine

    • As the owner of, a shared web hosting company, we are always fighting malware and spam. Recently we partnered with Sucuri and now all our accounts are monitored. I love this product! It not only protects our customers from malware, but these guys will fix a hack in 4 hours.

      —Carel Bekker, Owner/President of


    • Sucuri is my go to service for web based security and are the group that I recommend, exclusively, to my clients and readers, in particular WordPress users.  They are affordable, they work fast and they get the job done – as a bonus, they’re a fun group to work with!

      —Lisa Sabin-Wilson – Author: WordPress For Dummies; Designer, Co-Founder Allure Themes, Founder E. Webscapes

      E. Webscapes

    • Though I believe my sites are secure, it would be inexcusable for me not to use Sucuri’s service and be absolutely sure around the clock.

      —Scott Kingsley Clark, Lead Developer, Pods Framework


Scan your website FOR FREE