开发者 |
dd@sucuri.net
wordpress@sucuri.net |
---|---|
更新时间 | 2025年6月6日 00:10 |
PHP版本: | 3.6 及以上 |
WordPress版本: | 6.8 |
版权: | GPLv2 or later |
版权网址: | 版权信息 |
More information on the Sucuri Security WordPress plugin can be found in our Knowledge Base. One of the standout features of our WordPress plugin is the comprehensive audit logging system. At Sucuri, we recognize that every change within your application can be a potential security event. From user logins to content modifications, our audit logs are designed to capture all security-related activities on your site. These logs provide you with crucial visibility into your website's operations, answering key questions such as:
Security File Integrity Monitoring has been fundamental to the world of security. It's the act of comparing a known good with the current state. If the current state differs from the known good, you know you have a problem. This is the basis of a lot of host intrusion detection systems. We have built that into this plugin. It will create a known good the minute the plugin is installed. This will be of all the directories at the root of the install, including plugins, themes and core files.
Once this plugin is installed and activated, we automatically scan your site searching for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code. We access your site just like a regular visitor would as this helps us catch threats that try to stay hidden from bots or search engines. This feature is powered by our free website security scanner – SiteCheck.
Another very interesting feature of the website Security Malware Scanner is that it checks various blocklist engines, including the following:
Our team cleans thousands of websites every day, giving us deep insight into the most effective ways to protect WordPress sites. We've used that experience to create a list of actionable recommendations available in the Hardening & Prevention section of this plugin. To name a few (note that this will depend on your environment), these actions are:
Even with the strongest security measures, no site is 100% safe from hacking. When a compromise occurs, the Post-Hack section of our plugin guides you through four critical steps to help you regain control of your site:
Security features only matter if you know when something's wrong, that's why we included a set of customizable security alerts inside our Settings > Alerts section. You can also customize how frequently you want to be alerted of security related events.
This is by far the coolest security feature Sucuri has to offer everyday website owners. It's an enterprise grade Website Firewall designed to give you the best security protection any website can hope for. It protects your website from a variety of website attacks, including:
Our expertise has given us deep insight into what truly helps prevent security incidents, and we've cooked that knowledge directly into this plugin. To give you a sense of what this security plugin offers, here are some of its most powerful features:
No, this is a free plugin that we offer at no charge. It does not mean you get a free account.
Both the premium and the free version share the same codebase, however, this plugin has a few extra features that are only unlocked when you have a WAF account, some of these features include:
Yes. This plugin compliments your existing security toolsets. It is not designed to replace the Sucuri Website Security or Firewall products.
No, they do not.
Not that we are aware of.
No, it is not required. The Website Firewall runs in the cloud without the need of anything installed. We recommend installing this plugin to see your firewall configuration and manage it from your WordPress dashboard.
We take your privacy seriously. For free plugin users without an API key, no information is collected by Sucuri. After activating an API key, Sucuri will store some information, such as logs. Please see our Terms of Service and Privacy Policy. Please email gdpr@sucuri.net if you have other questions about your privacy.
Go to the Headers Management page and enable Cache-Control header by selecting a mode according to your website's need and click on submit. You can also activate the Cache-Control header by updating the cache header fields in one of the page types by using the "Edit" button in the table rows. Please remember to enable site caching on your WAF to use these settings. If you are a Sucuri client and require assistance, please create a ticket and reach out to the firewall team for support.
To enable CORS headers please visit the Headers Management page. For the time being, we only support "Report-Only" as these headers can break your site.
To enable CSP (Content Security Policy) headers please visit the Headers Management page.
The best place is to engage us via the Support Forum. If you are a client, you can submit a ticket here.