WordPress Malware Monitoring and Security Scanning
There is perhaps no more catastrophic event in a website owner's online existence than when they lose the fight to keep their website safe. It's why we spend a lot of time each year traveling the world educating website owners and raising awareness of the problem.
If you are a WordPress user, then you've come to the right place. This will apply most to those end-users operating the free WordPress download found at WordPress.org. This likely means you are running your website on one of the hundreds of shared or dedicated hosts. Not to worry, though: we work very well with a lot of them (e.g., GoDaddy, Site5, SiteGround, BlueHost, HostGator, etc.). You could also be leveraging any number of managed WordPress hosts like WP Engine, Page.ly, Rainmaker or any of the other variations that have come to market over the past few months or years.
If you're thinking Monitoring, then you're already thinking the right way about your security, as it's a critical piece of the overarching Information Security lifecycle.
When we talk about Monitoring, we are referring to the Detection step in the security wheel. In this section, there are a number of things that we want to be accounting for:
- Sucuri AntiVirus: Monitor the security state of your WordPress website
- Free Sucuri Plugin: Audit all the Activity on your WordPress application
Each action is very distinct and an important part of your everyday administration.
If you're interested in completing the security wheel as described above, consider supplementing your WordPress Security plugin with Sucuri's Website AntiVirus product. Together, these three components provide you the most comprehensive security any website owner can invest in and complete the entire security lifecycle.
1. WordPress Security Monitoring (Sucuri AntiVirus) - Monitor All Security and Malware Related Events
Comprehensive Malware and Security Scanning and Monitoring for your WordPress website
The most comprehensive monitoring you can enable for your WordPress website is our Website AntiVirus product. Unlike the free WordPress Security Plugin (mentioned below), the Website AntiVirus product is powered by a malware and security detection engine and allows you to create scanning schedules. It provides website owners two distinct detection methods - Remote scans and Server-side scans - while providing you the peace of mind of knowing that if an event is triggered you will be notified immediately.
The value that the Sucuri AntiVirus provides over the free WordPress Security plugin is the comprehensive nature of the scan. Unlike the free plugin, the Sucuri AntiVirus provides more in-depth anomaly detection, more aggressive signature identification and a more complete website crawl, with each aspect of the scan increasing the odds of detection.
Sucuri - Website Security - Comprehensive Malware Monitoring
Malware monitoring is by far the most effective feature in the Sucuri AntiVirus. Our server-side scanner crawls the back-end of your environment looking for payloads that don't present themselves in the browser. This is most common in events like backdoors, phishing payloads, and mailer scripts.
Sucuri - Website Security - Server Side Malware Monitoring
The Sucuri Website AntiVirus also provides website owners with scans that monitor the state of both their DNS and WHOIS. These are two very important security scans that many forget to configure and monitor. This is important because, as the website owner, you want to know immediately if your domain now belongs to someone other than the authorized person.
Additionally, you are provided with weekly reporting that shows you the overall security state of your website.
Sucuri - Website Security - Security Reporting Dashboard
2. WordPress Security Plugin (Free) - Activity Auditing and Remote Malware Scanning
WordPress Security Plugin - Developed by Sucuri for Auditing and Scanning
To improve your security posture and help address the challenge you have keeping an eye on all the activity going on with your WordPress install, we've developed a free plugin.
Disclaimer: Note that this plugin was developed for the end-user that is looking for the pieces of the security puzzle they require to address their overall security posture. It's not designed for the Do It Yourself (DIY) WordPress user. The DIY'er is the type of user that likes to tinker, manipulate or otherwise configure or update settings in an effort to extend their security posture. For those users, we recommend they supplement this tool with a security utility plugin.
The plugin is simple to use and removes the confusion that you often find in most security plugins. It was built to complement our security services and provide you with better peace of mind when administering your website. We've put together simple instructions in one location to help you in the installation and configuration process. Additionally, this tool is highly effective after a compromise when performing forensics. All the auditing events are stored offsite: logs are shipped remotely to the Sucuri Security Operation Center (SOC), which means that even after an attacker breaks into your website, they will not be able to access your logs and erase evidence that might be useful to the forensic analysis.
WordPress Activity Monitoring
This is something that no one has been able to do very well. We feel it's so important that it's front and center in your dashboard. It's designed to allow you, the website owner, to see everything that is going on with your website. Who is logging in? What are they adjusting? What is being changed? These are all important questions that you as a website owner need to be asking yourself. No one should know more about your website and its operations than you, so we've designed this tool to better empower you to make decisions.
Sucuri - WordPress Security Plugin - Auditing Dashboard
WordPress Remote Malware Scanning
As the name implies, this feature is designed to crawl your website remotely. It emulates a number of user agents and referrers in an attempt to trigger a browser event. If an event is triggered, the payload identified is used and analyzed against our comprehensive database to identify whether it's malicious or benign.
Sucuri - WordPress Security Plugin - Remote Malware Scanner
Understand that this is a remote scan, and is not a server (application level) scan. The odds are high that our remote scan will miss a server level issue, like backdoors and phishing, since they are often not linked on your website. Instead, they are injected discreetly throughout your install. The scanner works very similarly to our very popular free online security scanner, SiteCheck. We highly encourage you to take some time to read up on how the engine works to avoid any misunderstandings about what it does and does not detect.
For more comprehensive scans, we encourage you to visit our Website AntiVirus and Firewall products for the most effective, and complete, scanning and security services.
WordPress File Integrity Monitoring
The idea of File Integrity Monitoring is not new in the security space. It's also something that some of your favorite security plugins do. It's a process that uses a verification method to compare the current state of a file against a preexisting good state. There are a variety of ways of doing this with the most common being comparing the checksum of two files - current and known good. This is not to be confused with malware scanning, but it is a highly effective method of identifying changes in files.
Sucuri - Website Security - File Integrity Monitoring
This feature extends beyond file changes. It will also identify the addition of files, which is very effective for you as the website owner. This will also extend beyond the core directories (i.e., wp-admin and wp-includes) and will account for all directories at the root, meaning wp-content will be covered (i.e., plugins and themes).
WordPress Security Hardening
The hardening this plugin offers is minimal, yet highly effective. This is by design as it's not meant to account for every possible security configuration. For that we encourage you to leverage a security utility toolbox like the one developed by iThemes Security. In our hardening we do focus on some "security through obscurity" concepts, but we also focus on disabling PHP execution and reducing access in key locations. Everything else we leave to other security utility plugins to handle.
This is a feature that we built into the plugin by popular demand. It's designed to help you after a compromise. What we learned is that many website owners, like you, once compromised, would continue to experience reinfections and often it came down to inappropriate post-hack actions. We felt it was a prevalent enough issue that we needed to help the website owner with the process.
The three features it accounts for include:
- Resetting your Salts / Keys after a compromise - this ensures that any user that is currently logged in gets kicked out.
- Resetting Passwords for all users - this ensures that all users are forced to create new passwords.
- Reset of Plugin - it's easy for plugins to become corrupt because of a hack, so we've added a way to quickly reinstall plugins to avoid any possible issues.
Sucuri - WordPress Security - Post Hack Steps
WordPress Website Firewall - Optional
Our Website Firewall is an optional product that comes with our Website Antivirus or it can be added as a standalone product to your website. This section is an integration point for our Website Firewall. The Website Firewall is a reverse proxy that filters all your traffic through one of various Points of Presence around the world. It allows Sucuri to see all incoming traffic and to proactively defend your website from the various website attacks like Distributed Denial of Service (DDoS), Software Vulnerability Exploitation and Brute Force attacks.
The integration allows you to quickly see the various events and attacks occurring against your website.
Sucuri - WordPress Security - Website Firewall Integration
This feature provides more in-depth analysis and reports via your internal Sucuri Dashboard as well:
Sucuri - WordPress Security - Website Firewall Dashboard
WordPress Security Notifications
All these security monitoring events would be incomplete if you didn't know about them, and we realize it's impossible to see it all, which is why we also integrate email notifications. These notifications allow you to configure your notices to best meet your security needs. You can choose to know about everything, or to know about very few things. Either way, you are empowered to choose your level of comfort.
Sucuri - WordPress Security - Email Notifications