Linux 软件免费装
Banner图

Sucuri Security - Auditing, Malware Scanner and Security Hardening

开发者 dd@sucuri.net
wordpress@sucuri.net
更新时间 2024年10月24日 00:06
PHP版本: 3.6 及以上
WordPress版本: 6.6
版权: GPLv2 or later
版权网址: 版权信息

标签

spam security scan protection virus firewall malware detection sucuri blocklist hardening file integrity

下载

1.8.35 1.4.7 1.5.1 1.5.2 1.5.6 1.5.7 1.6.0 1.6.1 1.6.4 1.6.5 1.6.6 1.6.8 1.6.9 1.7.0 1.7.10 1.7.11 1.7.12 1.7.13 1.7.14 1.7.15 1.7.16 1.7.17 1.7.18 1.7.19 1.7.3 1.7.4 1.7.5 1.7.6 1.7.7 1.7.8 1.7.9 1.8.0 1.8.1 1.8.10 1.8.12 1.8.13 1.8.14 1.8.15 1.8.16 1.8.17 1.8.18 1.8.19 1.8.20 1.8.21 1.8.23 1.8.24 1.8.25 1.8.26 1.8.3 1.8.4 1.8.5 1.8.6 1.8.7 1.8.8 1.8.33 1.8.44 1.4.8 1.5.0 1.7.1 1.8.40 1.1.3 1.4.3 1.4.4 1.8.22 1.8.27 1.8.37 1.8.39 1.1.2 1.1.4 1.1.5 1.4.2 1.8.28 1.8.30 1.8.31 1.1.6 1.8.29 1.8.34 1.8.41 1.8.42 1.4 1.4.9 1.7.2 1.8.32 1.8.36 1.8.43 1.8.9 1.9.1 1.9.2 1.3 1.4.1 1.4.5 1.5.5 1.8.38 1.4.6 1.8.11 1.9.3 1.9.4 1.9.5

详情介绍:

Sucuri Inc. is a globally recognized authority in all matters related to website security, with specialization in WordPress Security. The Sucuri Security WordPress plugin is free to all WordPress users. It is a security suite meant to complement your existing security posture. Currently the ownership of this plugin was transferred to GoDaddy. It offers its users a set of security features for their website, each designed to have a positive effect on their security posture:

安装:

The installation of the Sucuri WordPress Security plugin is very simple and straight forward. A detailed breakdown of the process is available here (including images), however, below we outline the bare minimum steps. To install Sucuri Security and complement your Security posture:
  1. Log into your WordPress administration panel,
  2. In the sidebar, choose "Plugins" and then "Add New",
  3. Type "sucuri" or "sucuri-scanner" in the search box,
  4. Install the option with the "By Sucuri Inc." at the foot,
  5. Once activated, you will find a new icon in the sidebar with the Sucuri logo. Go to the plugin's dashboard and click the button that says "Generate API Key" to activate the event monitoring, this will generate a unique key to authenticate your website against the remote Sucuri WordPress API service,
  6. Feel free to visit the plugin' settings page to configure other options including the security alerts, hardening options, file system scanner paths and API service communication.
Visit the Support Forum to ask questions, suggest new features, or report bugs. And recommend the plugin to your friends and colleagues if you think it can help them.

屏幕截图:

  • Integrity Diff Utility - Shows differences in the core WordPress files.
  • Audit Logs and Malware Scanner - Reports suspicious events and malicious code.
  • Sucuri Firewall - Settings visibility, audit logs, IP blocklisting, and cache.
  • Website Hardening - Offers multiple options to increase the security of the website.
  • Failed Logins - Shows failed login attempts, successful logins and online users.
  • Post Hack Tools - Offers multiple tools to react after the suspiciousness of a hack.
  • Settings - Offers multiple settings to configure the functionality of the plugin.
  • Cache control headers - Offers multiple options to configure the cache control header.

升级注意事项:

1.8.37 This version removes the API communication service dependency on https://wordpress.sucuri.net/api/, because this service has been discontinued until further notice. Users who have their custom APIs to use in place of https://wordpress.sucuri.net/api/ can still use the API communication service by adding the API endpoint as SUCURISCAN_API_URL on the wp-config.php file. 1.8.19 This version adds an option to refresh the malware scan results on demand, as well as several small bug fixes and improvements.

常见问题:

What is the security activity auditing?

More information on the Sucuri Security WordPress plugin can be found in our Knowledge Base. This is perhaps the most underutilized security function. It’s the act of monitoring all security related events within your WordPress install. The challenge is, what makes up a security event. In the eyes of Sucuri, any change that occurs within the application could be categorized as a security event, and as such we try to record it. This is important because it gives you, the website owner, the ability to keep a good eye on the various changes occurring within your environment. Who is logging in? What changes are being made? Since version 1.9.6, we have added support for filters in the audit logs, allowing you to filter by various event types and dates.

What is the file integrity monitoring

Security File Integrity Monitoring has been fundamental to the world of security. It’s the act of comparing a known good with the current state. If the current state differs from the known good, you know you have a problem. This is the basis of a lot of host intrusion detection systems. It’s what we have built into the plugin. It will create a known good the minute the plugin is installed. This will be of all the directories at the root of the install, this includes plugins, themes and core files.

What is the remote malware scanning?

This feature is powered by our scanning engine, found on our free security scanner - SiteCheck. It’s important to take some time to understand how this scanner works. There are limitations with the way this scanner works, you can find more information in the FAQ section.

What is the blocklist monitoring?

Another very interesting feature of the Security Malware Scanner is that it checks various blocklist engines, including the following:

  • Sucuri Labs
  • Google Safe Browsing
  • Norton
  • AVG
  • Phish Tank
  • ESET
  • McAfee Site Advisor
  • Yandex
  • SpamHaus
  • Bitdefender
These are some of the largest blocklisting entities, each having the ability to directly impact your brand's online reputation. By synchronizing with their environments we’re able to tell you, upon scan, whether any of them are negatively flagging your website with a security related issue. If they do, then via our website security product, we’re able to help you get off of the security blocklist.

What is effective security hardening

It’s easy to get lost in the world of security hardening. At Sucuri we clean hundreds of websites a day, many with the various security hardening configurations you find in various WordPress Security presentations. In this section, we add those that we feel to be most effective, and that complement the entire Sucuri suite of products.

What are the post-hack security actions

Regardless of how good your security posture is, sometimes it’s impossible to prevent the inevitable. When this happens, we’ve included a section to help you walk through the three key things you should do after a compromise.

What are the security notifications

Having all these security features would be useless unless you were notified of the issues. This is why we have made available security alerts. We have also expanded the various security related events, to provide website owners more flexibility in regards to what they want to know about. As a website owner, you have the option to make these security alerts as quiet or noisy as you would like.

What is the website firewall (premium)

This is by far the coolest security feature Sucuri has to offer everyday website owners. It’s an enterprise grade Website Firewall designed to give you the best security protection any website can hope for. It protects your website from a variety of website attacks, including:

  • Denial of Service (DOS / DDOS) Attacks
  • Exploitation of Software Vulnerabilities
  • Zero Day Disclosure Patches
  • Brute Force Attacks against your Access Control Mechanisms
This is coupled with a number of features like:
  • Performance Optimization
  • Advanced Access Control Features
  • Failover and Redundancy
This is not included as a free option of the plugin, but is integrated so that if purchased you are able to activate. If you prefer to leverage the Sucuri Firewall product by itself, you have the option to operate the Website Firewall WordPress Security plugin in standalone mode. The Sucuri WordPress Security plugin is built by the team that is known for their proactive approach to security. It is built using intelligence gathered from thousands upon thousands of remediation cases, millions of unique domain scans and 10’s of millions of website security attack blocks.

What does this plugin do that other security plugins don't do?

A few other security plugins provide activity monitoring features, but few do them well. The activity monitoring in this plugin is second to none, tying the activity into the Sucuri Security Operations Center (SOC) ensuring its safe keeping. This security plugin also takes a different approach to security plugins, stripping it of what we categorize as unnecessary features for a basic website end-user. We've narrowed the key features we felt were most pertinent to any website owner and integrated them into this plugin.

If I install the Sucuri Security plugin do I get a Sucuri account?

No, this is a free plugin that we offer at no charge. It does not mean you get a free account.

If I have the premium plugin, do I need the free plugin?

The premium plugin was deprecated back in 2014. All the major features were merged into the free plugin. If you are still using the (old) premium plugin please consider deleting it and installing the (new) free plugin from the WordPress plugin market. Notice that you will need to generate a new API key as the new API service does not supports the old one.

Do I still need Sucuri’s products if I have this plugin?

Yes. This plugin compliments your existing security toolsets. It is not designed to replace the Sucuri Website Security or Firewall products.

Where do I get support for this plugin?

The best place is to engage us via the Support Forum. If you are a client, you can submit a ticket here.

Does your plugin conflict with WordFence?

The plugin does not, but there might be issues with our scanners. If you get an “Unable to Properly Scan Your Site” error, it’s likely because the WordFence plugin is blocking our scanner as an invalid crawler. You would have to white list our IP address on the WordFence dashboard.

What are the Remote Malware Scanner limitations?

Because the security malware scanner is remote, it is unable to see things that are on the server but that are not displaying on the browser. If you are interested in this, we encourage you to subscribe to our website security product. This issues includes things like Phishing pages, Backdoors, Mailer Scripts, etc.

Your plugin didn’t detect this malware?

This happens, reference the remote scanner limitations above. This should not be confused with our website security product. If you have malware, and you are a client, submit a ticket so that we can help you get clean. If you are not a client, and you want to share what you have found please send it to labs@sucuri.net. The plugin is not performing application level malware / security scanning so this is not uncommon.

Is it free to enable the Website Firewall option?

No, it is not. To enable you must subscribe to the Website Firewall service.

Will this plugin impact the performance of my website?

We improve the performance of the code with every release. However, due to differences between hosting providers there are cases where the plugin may affect the responsiveness of the website upon installation. Things like HTTP requests, SSL certificate verifications and DNS lookups are among the few things that, depending on how your web server is configured, will slow down your website.

Do the logs get stored to my database?

No, they do not.

Are there any issues installing your plugin with any hosts?

Not that we are aware of.

Do I need this plugin to use the Website Firewall service?

No, it is not required. The Website Firewall runs in the cloud without the need of anything installed. This plugin only helps see and manage the service from the WordPress dashboard.

What information does Sucuri collect?

We take your privacy seriously. For free plugin users without an API key, no information is collected by Sucuri. After activating an API key, Sucuri will store some information, such as logs. Please see our Terms of Service and Privacy Policy. Please email gdpr@sucuri.net if you have other questions about your privacy. How do I configure the Cache-Control header? Go to Settings > Headers and enable the Cache-Control header selecting a mode according to your website's need and click on submit. You can also activate the Cache-Control header by updating the cache header fields in one of the page types by using the "Edit" button in the table rows. Please enable site caching on your WAF to use these settings. If you are a Sucuri client and require assistance, please create a ticket and reach out to the firewall team for support.

更新日志:

1.9.6 1.9.5 1.9.4 1.9.3 1.9.2 1.9.1 1.8.44 1.8.43 1.8.42 1.8.41 1.8.40 1.8.39 1.8.38 1.8.37 1.8.36 1.8.35 1.8.34 1.8.33 1.8.32 1.8.31 1.8.30 1.8.29 1.8.28 1.8.27 1.8.26 1.8.25 1.8.24 1.8.23 1.8.22 1.8.21 1.8.20 1.8.19 1.8.18 1.8.17 1.8.15 1.8.14 1.8.13 1.8.12 1.8.11 1.8.10 1.8.9 1.8.8 1.8.7 1.8.6 1.8.5 1.8.4 1.8.3 1.8.2 1.8.1 1.8.0 1.7.19 1.7.18 1.7.17 1.7.16 1.7.14 1.7.13 1.7.12 1.7.11 1.7.10 1.7.9 1.7.8 1.7.7 1.7.6 1.7.5 1.7.4 1.7.3 1.7.2 1.7.1 1.7.0 1.6.9 1.6.8 1.6.7 1.6.6 1.6.5 1.6.4 1.6.3 1.6.2 1.6.1 1.6.0 1.5.7 1.5.6 1.5.5 1.5.4 1.5.2 1.5.0 1.4.8 1.4.7 1.4.6 1.4.5 1.4.4 1.4.3 1.4.2 1.4.1 1.4 1.3 1.2.2 1.2.1 1.2 1.1.7 1.1.6 1.1.5 1.1.3 1.1.2 1.1.1