Sucuri Security - Website Firewall (CloudProxy)

Sucuri Inc is a globally recognized authority in all matters related to website security, with specialization in WordPress Security. The Sucuri Security Website Firewall(CloudProxy) product is a Cloud-based Website Application firewall (WAF) and Intrusion Prevention System (IPS) providing everyday website owners Enterprise class security at an affordable cost. This security plugin extends the management of the Website Firewall, making it available to you in your WordPress dashboard. All security features are not available in this plugin and for a complete list of the security feature, and its management, visist your Sucuri Security Dashoard. This security plugin performs it's security hardening remotely via a service so it does not contain any additional hardening, it employs a number of features like virtual hardneing and patching that provide all the security hardening your website requires. Additionally, the security hardening is performed off your web server, alleviating the load that attacks place on your existing webserver resources. This service only available via a paid subscription of the Sucuri Website Firewall product. The Sucuri Website Firewall (CloudProxy) product offers you enterprise class perimeter security for your website, addressing some of the biggest issues WordPress websites face in regards to security. This WordPress Security plugin can be used in conjunction with other plugins. It does not replace the Sucuri Security - Auditing, Malware Scanner and Hardening plugin. The features found in this plugin have been integrated into that plugin, installing it will remove this plugin and wrap everything into one toolset. Some of the security issues this product protects your website includes:

• Security Filtering of all traffic - blocking all security related issues before it hits your website / web server
• Apply Security Patches Virtually
• Virtual Security Hardening
• Block of Cross Site Scripting (XSS) attacks
• Block of SQL Injection (SLQi) attacks
• Block of Remote / Local File Inclusion (RFI/LFI) attacks
• Block of Remote Code Execution (RCE) attacks
• Advanced Security Access Control Features (i.e., IP whitelisting, 2FA, etc..)
• Performance Optimization
• Fully Managed Security Protection for Your Website

A few features of the Sucuri Security Website Firewall product deserve special attention for the added value website owners get. They include: Denial of Service (DDOS) Security Mitigation Denial of Service (DoS/DDoS) attacks are not new, but are growing in popularity. The introduction of new booster services, that allow any online users to pay someone else to attack someone elses website, have created an influx of DoS attacks. They range in scale and impact, but often the impact of such an attack is simple - to bring your website down. Kill it's availability and make sure that your visitors are unable to access the website. This is especially true if you are leveraging shared server space, this often means the resources allocated to your one website are marginal and any influx in traffic could completely disable your websites performance. If the problem persits, you run the risk of getting kicked off your hosts environment. Brute Force Protection This is a serious issue in WordPress security. There was a time where many perceived this to be an impossibility due to challenges in networks, that is no longer the case. Technology has made it so that the latency that was once introduced via networks is no longer the bottlekneck. Brute Force attacks are a security threat that every website owner must be mindful of. It's an act in which the attacker attempts to continously penetrate your environment, using a variety of attempts with varying username / password combination in an effort to gain entry. With the hopes that they will get lucky. This can be achieved with other security plugins, but attackers continue to develop evasive techniques to bypass security plugins that live an operate at the application layer of your website. This security protection takes place at the edge, offloading the attack from your web server and providing you optimal website security. Vulnerability Security Exploitation Prevention This is one of the neatest features our product has to offer. Our research into vulnerabilities has led to some of the largest security disclosures in 2014 pertaining to software security vulnerabilities. This has affected some of the largest brands to inlcude the MailPoet Newsletter plugin, All-in-One SEO plugin, RevSlider plugin, and many more. Vulnerabilty exploitation is a big issue today for website owners leveraging the WordPress platform. It is easy to install WordPress, even easier to find a plugin that performs a specific function, but often the last thought a website owner has is around the security of the code they are putting into their website. It's also impossible for the website owner to know whether the code is good or bad, or what to do if it's bad but still offers the feature they are interested in. Being able to stop attackers from exploiting these security weaknesses is imperative for website owners. Malware Prevention A malware issue is a security event in which Malicious Software (Malware) has been injected into your website. It often comes in the form of a drive-by-download or something equivalent in which your website is used as a spring board to attack your visitors. Imageine for a moment that someone visiting your website, trusts that your security is top-notch, and gets their local machine hacked. The attacker then proceeds to steal all their credentials (i.e., emails, social media account, financial institutions). This user has now lost their life savings and is unable to pay their bills while the matter gets resolved, which can take months if not years. This is the reality of the pain malware introduces. Zero Day Immediate Response This is a very unqiue security feature that allows our security team to respend immediately when a new security incident is released. Zero day events occur all the time, they are events that are released for public consumption but have no existing solutions in place. This happens when an attacker identifies a potentially big issue and is interested in watching it all burn. When this happens your website is left to it's own devices to implement a solution that addresses the problem, if you don't implement it in time or adequately you run the risk of getting compromised. With this security feature, Sucuri is able to proactively protect your website within minutes of a security event, like a Zero Day, being released to the world. Example of this at work include the recent Bash vulnerabilities, and many of the software vulnerabilities mentioned above (i.e., RevSlider, Mailpoet, etc...). You can read more about some of the features here: Sucuri Security - Website Firewall (CloudProxy) Update-to-date pricing and features can always be found on the Plans & Pricing page.

Make note that this plugin requires the purchase of the Sucuri Security Website Firewall (CloudProxy) security product. To attain this product you must signup via the Website Firewall purchase page. Once that is done, you can enable this plugin by following these steps:

1. You will want to log into your WordPress administration panel - (e.g., http://yourdomain/wp-admin)
2. Navigate to Plugins Menu option in your WordPress administration panel
3. Select Add New
4. Type Sucuri in the Search box, and click Search plugins.
5. The first option you get should be for Sucuri Security - Website Firewall (CloudProxy
6. Select Install Now
7. Now choose to Activate the plugin.
8. Log into your Sucuri Security dashboard.
9. Click on the CloudProxy Website Firewall menu option.
10. Select settings for the configured website (i.e., next to your website the states should read Activated) and select API.
11. Copy the API Key: [randomly generated string].
12. Return to your WordPress administration panel.
13. Click on the Sucuri WAF menu option in your WP adminstration panel.
14. Paste the API Key into the input box next to CloudProxy API key.
15. Click Update API Key.
16. Sit back and enjoy!!!

1.4

• Cleaning up a few typos.

1.3

• Readme and content changes.

1.2

• Fixed CloudProxy status when behind a CDN.
• New calls to API v2.
• Code cleanup.

1.1

• Improved messaging.

1.0

• Added support for the new servers and naming we have.

0.8

• Adding filters + new API url.

0.7

• Adding pagination to the results.

0.6

• A few more audit logs improvements.

0.5

• Adding more details on the caching type and audit logs.

0.3

• Fixed some typos.

0.2

• Added option to allow the user to clear their CloudProxy caching.
• Added listing of the latest audit log entries.

0.1

• First version.