WordPress Security

WordPress Security

Malware Monitoring, Security Scanning and Incident Detection

Remove Blacklisting

The WordPress platform is one of the fastest, most recognizable Content Management Systems (CMS) available to website owners. It dominates over 25 percent of the market share, and has been deployed in large and small organizations alike. With its popularity comes many struggles for website owners; one such struggle is with security.

It's easy to overlook the importance of passive detection and scanning but it's one of the critical functions that you should employ. There are no defenses available that provide you 100 percent certainty that the controls in place will stop attackers from exploiting weaknesses in your environment. To account for this, security professionals employ a number of tools, like malware and security scanning, for continuous and early-detection of potential incidents.


WordPress Security

Malware Monitoring and Security Scanning

There is perhaps no more catastrophic event in a website owner's online existence than when they lose the fight to keep their website safe. It's why we spend a lot of time each year traveling the world to educate website owners and raise awareness to the problem. We also maintain a free WordPress security plugin and guide to cleaning hacked WordPress sites.

If you are a WordPress user, then you've come to the right place. This will apply to most end-users operating the free WordPress download found at WordPress.org. This likely means you are running your website on one of the hundreds of shared or dedicated hosts. Not to worry though, we work very well with a lot of them (i.e., GoDaddy, Site5, SiteGround, BlueHost, HostGator, etc.). You could also be leveraging any number of managed WordPress hosts like WP Engine, Page.ly, Rainmaker or any of the other variations that have come to market over the past few years.

If you're thinking monitoring, then you're already thinking the right way about your security as it's a very critical piece of the overarching information security lifecycle. When we talk about monitoring, we are referring to the detection step in the security wheel. In this section, there are a number of things that we want to be accounting for:

  1. Sucuri AntiVirus: Monitor the security state of your WordPress website
  2. Free Sucuri Plugin: Audit all the activity on your WordPress application

Each action is very distinct and an important part of your everyday administration.

If you're interested in completing the security wheel with protection and response, consider complementing the free WordPress security plugin with the Sucuri Website AntiVirus which includes our Website Firewall. These three components complete the entire security lifecycle and provide you the most comprehensive security any website owner can invest in.

Monitor All Security and Malware Related Events

Comprehensive Malware and Security Scanning and Monitoring for your WordPress Website

The most comprehensive monitoring you can enable for your WordPress website is our Website AntiVirus product. Unlike the free WordPress security plugin (mentioned below), the Website AntiVirus product is powered by malware and security detection engines which allow you to create scanning schedules. It provides two distinct detection methods - remote scans and server-side scans, while providing you the peace of mind that if an event is triggered you will be notified immediately.

The value that the Sucuri AntiVirus provides over the free WordPress security plugin is the comprehensive nature of the scan. Unlike the free plugin, the Sucuri AntiVirus provides more in-depth anomaly detection, more aggressive signature identification and a complete website crawl with each aspect of the scan, increasing the odds of detection.

Sucuri - Website Security - Comprehensive Malware Monitoring

Sucuri - Website Security - Comprehensive Malware Monitoring

Malware monitoring is by far the most effective feature in the Sucuri AntiVirus. Our server-side scanner crawls the back-end of your environment looking for payloads that don't show up in the browser. This is most common in events like backdoors, phishing payloads, and mailer scripts.

Sucuri - Website Security - Server Side Malware Monitoring

Sucuri - Website Security - Server Side Malware Monitoring

The Sucuri Website AntiVirus also provides website owners with scans that monitor both the state of their DNS and WHOIS. These are two very important security scans that many forget to configure and monitor. This is important because, as the website owner, you want to know immediately if your domain now belongs to someone other than the authorized person.

Additionally, you are provided with weekly reporting that shows you the overall security state of your website.

Sucuri - Website Security - Security Reporting

Sucuri - Website Security - Security Reporting Dashboard

Activity Auditing and Remote Malware Scanning

Developed by Sucuri for Auditing and Scanning

To improve your security posture and help address the challenges behind all the activity going on with your WordPress install we've developed a free plugin.

Disclaimer: Note that this plugin was developed for the end-user that is looking to address the auditing component of their overall security posture. It's not designed for the Do It Yourself (DIY) WordPress user. The DIY'er is the type of user that likes to tinker, manipulate or otherwise configure or update settings in an effort to extend their security posture. For those users, we recommend they supplement this tool with a security utility plugins. Sucuri WordPress Security Plugin

The plugin is simple to use and removes all the confusion that you often find in most security plugins. It was built to help compliment our security services and provide you better piece of mind when administering your website. We've put together simple instructions to help you in the installation and configuration process. Additionally, this tool is highly effective after a compromise when performing forensics. All the auditing events are stored offsite, which means that even after an attacker breaks into your website, they will not be able to have access to your logs. All logs are shipped remotely to the Sucuri Security Operation Center (SOC), making them inaccessible to the attacker. This means that the attacker is unable to access the logs and erase evidence that might be useful to the forensic analysis.

Activity Monitoring

This is something few do very well, however, monitoring is so important that it's front and center in the Sucuri dashboard. It's designed to allow you, the website owner, to see everything that is going on with your website. Who is logging in? What are they adjusting? What is being changed? These are all important questions that you should be asking yourself because no one should know more about your website and its operations than you. We've designed this tool to better empower you to make decisions.

Sucuri - WordPress Security Plugin - Auditing

Sucuri - WordPress Security Plugin - Auditing Dashboard

Remote Malware Scanning

As the name implies, this feature is designed to crawl your website remotely. It emulates a number of user agents and referrers in an attempt to trigger a browser event. If an event is triggered, the payload is analyzed against our comprehensive database to identify whether it's malicious or benign.

Sucuri - WordPress Security Plugin - Malware Scanner

Sucuri - WordPress Security Plugin - Remote Malware Scanner

Understand that this is a remote scan, and not a server (application level) scan. The odds are high that our remote scan will miss a server level issue, like backdoors and phishing, since they are often not linked to on your website. Instead, they are injected discretely throughout your install. How the scanner works is very similar to how our very popular free online security scanner, SiteCheck works. We highly encourage you to take some time to learn about SiteCheck to avoid any misunderstandings about what it does and does not detect.

For more comprehensive scans, we encourage you to visit our Website AntiVirus and Firewall products for the most effective, and complete, scanning and security services.

File Integrity Monitoring

The idea of File Integrity Monitoring is not new in the security space. It's also something that some of your favorite security plugins do. It's a process that uses a verification method to compare the current state of a file against a preexisting good state. There are a variety of ways to do this, the most common being to compare the checksum of two files - current and known good. This is not to be confused with malware scanning, but it is a highly effective method of identifying changes in files.

Sucuri - Website Security - File Integrity Monitoring

Sucuri - Website Security - File Integrity Monitoring

This feature extends beyond file changes. It identifies the addition of files, even beyond the core directories (i.e., /wp-admin/ and /wp-includes/), and will account for all directories at the root level including /wp-content/ (i.e., plugins and themes).

WordPress Security Hardening

The hardening this plugin offers is minimal, yet highly effective. This is by design as it's not meant to account for every possible security configuration. For that we encourage you to leverage a security utility toolbox like the one developed by iThemes Security. In our hardening we do focus on some "security through obscurity" concepts, but we also focus on disabling PHP execution and reducing access in key locations. Everything else we leave to other security utility plugins to handle.

Post-Hack Actions

This is a feature that we built into the plugin by popular demand. It's designed to help you after a compromise. What we learned is that many website owners, like you, once compromised, would continue to experience reinfections and often it came down to inappropriate post-hack actions. We felt it was a prevalent enough issue that we needed to help the website owner with the process.

The three features it accounts for include:

  1. Resetting your Salts / Keys after a compromise - this ensures that any user that is currently logged in gets kicked out.
  2. Resetting Passwords for all users - this ensures that all users are forced to create new passwords
  3. Reset of Plugin - often it's easy for plugins to become corrupt because of a hack, we've added a way to quickly reinstall plugins to avoid any possible issues.
Sucuri - WordPress Security - Post Hack Steps

Sucuri - WordPress Security - Post Hack Steps

Website Firewall - Optional

Our Website Firewall is an optional product that comes with our Website Antivirus or it can be added as a standalone product. This section is an integration point for our Website Firewall. The Website Firewall is a reverse proxy that filters all your traffic through one of various Points of Presence (POPs) around the world. It allows Sucuri to see all incoming traffic and proactively defend your website from various website attacks like Distributed Denial of Service (DDoS), software vulnerability exploitation, and brute force attacks.

The integration allows you to quickly see the various events and attacks occurring against your website.

Sucuri - WordPress Security - Website Firewall Integration

Sucuri - WordPress Security - Website Firewall Integration

This feature provides for more in depth analysis and reports via your internal Sucuri Dashboard as well:

Sucuri - WordPress Security - Website Firewall Dashboard

Sucuri - WordPress Security - Website Firewall Dashboard

Security Notifications

All these security monitoring events would be incomplete if you didn't know about them, which is why we also integrate email notifications. These notifications allow you to configure your notices to best meet your security needs. You can choose to know about everything, or very few things. Either way, you are empowered to choose based on your level of comfort.

Sucuri - WordPress Security - Email Notifications

Sucuri - WordPress Security - Email Notifications

Complete WordPress Security!

Sucuri Website AntiVirus