WordPress Security: Sucuri to the rescue

05/10/2011

One of the most tragic issues to befall a blogger is a security breach.

If you’ve been blogging for any length of time on a site that gets any kind of traffic, you’ve probably experienced a hack of some sort at one point or another.

Many people point to WordPress as being insecure, but this isn’t entirely accurate (assuming a patched, up-to-date version of the application).

Several things can compromise a site’s security:

  • The hosting company (cheap, shared hosts are notorious for infrastructure weaknesses that allow hacks to spread among sites)
  • User error/neglect (if you’re using “admin” as your username, you’ve done half a hacker’s job already)
  • Plugins (outdated, poorly coded plugins should be banished from earth)
  • Themes (less common, but themes can be compromised as well)

So how does one remain secure?

  • Managed hosting options like Page.ly are built on infrastructures that put a priority on security.
  • Services like CloudFlare take things a step further, and can block malicious traffic at the DNS level.
  • A secure password goes a long way towards low-tech attack prevention, as do plugins like Login Lockdown.
  • Keeping the WordPress core (and all plugins) up to date is critical as well.

Anything else?

Why yes. There’s Sucuri.

Sucuri is a “Web Integrity Monitor” that alerts you the moment a pixel moves on your site (I may or may not be exaggerating here…). It’s a service that keeps an eye on your site and alerts you when changes are detected.

Some of the worst hacks are ones that are left undiagnosed. This can lead to your site being blacklisted, losing rankings, and losing the trust of visitors who see a security warning from their browser.

Here are the key features that Sucuri provides:

  • Monitoring & Alerts
  • Scheduled Checks
  • Website Scanning
  • Malware Clean-up

One of the most helpful features that I use on a weekly basis is the website scanner tool. It allows you to run a security scan on a site and determine whether or not it has been compromised. WordPress version, blacklisting status, and malware information (if applicable) are all reported.

What’s more, the tool goes so far as to indicate the location of a hack (a plugin JavaScript file, for example) in many cases. I’ve assisted at least half a dozen people with this tool over Twitter in the past few months, and I would pay for the service just to use this tool.

Why are you telling me all of this, black man?

I thought you’d never ask!

I’m a happy Sucuri customer, and I’d be delighted if you joined me (not an affiliate link). There are quite a few features I didn’t touch on for the sake of brevity, so let a ninja know if you sign up—I’d love to hear what you think of the service.

And if this article’s topic is up your alley, check out the post I wrote on WordPress Security for Art of Blog.