The Sucuri WordPress plugin is available for free installation in the WordPress repository. Our security plugin comes with hardening features, malware scanning, core integrity check, post-hack features and email alerts, to help keep your website protected.Install Plugin Now
Keep in mind that the Sucuri Security plugin requires WordPress version 3.6 or higher, and administrative privileges for installation.
You have control over the Sucuri plugin settings to fit your website needs. Customize email alerts, schedule scans, whitelist or blacklist files, and more.
Our security plugin is user-friendly, but if you need additional help, you can always read our How to Use the WordPress Security Plugin Guide.
The Sucuri SiteCheck scan finds malicious code that is visible in the external source code of your site and identifies any core file integrity issues.
Security hardening options are preventative measures to increase security in areas of your website that could become avenues for attack. This is done by adding a set of rules to the website .htaccess file and verifying secure configurations.
Email alerts are enabled by default. You can customize the email and recipients for any alerts generated by the plugin. These alerts will keep you informed of any suspicious activity observed on your website.
Our scanning engine is fast and lightweight for any environment. SiteCheck remote scanners are constantly updated to address the spread of malicious content, blacklisted status, website errors and out-of-date software.
This section of the plugin offers measures for when your site has been compromised. More information is available on steps to take when your site has been compromised in our free How to Clean a Hacked WordPress Guide.
You can connect the Sucuri Firewall to the WordPress plugin using the Firewall (WAF) option of the Sucuri plugin for advanced protection. This is only available for customers who have any of our platform plans and not as a feature included in the Sucuri plugin.
In a few simple steps, you can install the WordPress Security Plugin. Download the Sucuri Security plugin directly from the WordPress official repository to install it manually.
Alternatively, from your WordPress Plugin dashboard, search for Sucuri and select Sucuri Security – Auditing, Malware Scanner and Security Hardening. Once the plugin is installed and activated, you can access all features by clicking the Sucuri Plugin option on the WordPress menu.
Activating the API allows your WordPress account to connect to our server. If an attacker somehow compromises your site and removes the plugin’s audit logs from your server, they can be recovered from our server for investigation.
Once the API key is generated, the plugin will communicate with a remote API service that acts as a safe data storage for the audit logs. If the website is hacked, the attacker will not have access to these logs. You can review any modifications made as well as see how the malicious attacker gained access to the website.
For the multisite installations, this is different. A WordPress MU installation will force each site to share the core files. Generally the content is inside the “wp-content” directory (where the plugin’s data is stored). All information processed by the plugin, except the settings, will be shared among every site inside the network. More details can be found in our WordPress Plugin Guide.
Learn how to identify issues if you suspect your WordPress site has been hacked.Watch Now
Join our email series as we offer actionable steps and basic security techniques for WordPress site owners.Sign Up
Based on our data, the three most commonly infected CMS platforms were WordPress, Joomla! and Magento.Read Now
Learn security best practices for WordPress websites to improve website posture and reduce the risk of a compromise.See Now