
Sucuri Security - Auditing, Malware Scanner and Security Hardening

Developer: dd@sucuri.net
wordpress@sucuri.net
Updated: June 6, 2025 00:10
PHP version: 3.6 or later
WordPress version: 6.8
License: GPLv2 or later
License URL: License information

Tags

spam security scan protection virus firewall malware detection sucuri blocklist hardening file integrity


Description:

At Sucuri, we are dedicated to keeping your website safe and secure. With a focus on protection and monitoring, we offer solutions that help you stay ahead of potential threats for your WordPress site. Our services include everything from malware detection to performance optimization, all designed to give you peace of mind. We understand the importance of your online presence and are here to support you every step of the way. Join us, and let's work together to ensure your website remains secure and resilient.

The Sucuri Security Monitoring Plugin is designed to safeguard your WordPress site with ease and reliability. Our plugin offers a range of essential security features, including:

With Sucuri, you can focus on what matters most—growing your website—while we handle the security. Our feature set provides a clear view of your site's status, making it easy to manage, monitor and take action.

Installation:

The installation of the Sucuri WordPress Security plugin is very simple and straightforward. A detailed breakdown of the process is available here (including images); below we outline the bare minimum steps. To install Sucuri Security and complement your security posture:
  1. Log into your WordPress administration panel,
  2. In the sidebar, choose "Plugins" and then "Add New",
  3. Type "sucuri" or "sucuri-scanner" in the search box,
  4. Install the option with the "By Sucuri Inc." at the foot,
  5. Once activated, you will find a new icon in the sidebar with the Sucuri logo. Go to the plugin's dashboard and click the button that says "Generate API Key" to activate the event monitoring; this will generate a unique key to authenticate your website against the remote Sucuri WordPress API service,
  6. Feel free to visit the plugin's settings page to configure other options including the security alerts, hardening options, file system scanner paths and API service communication.
Visit the Support Forum to ask questions, suggest new features, or report bugs. And recommend the plugin to your friends and colleagues if you think it can help them.

Screenshots:

  • Integrity Diff Utility - Shows differences in the core WordPress files.
  • Audit Logs and Malware Scanner - Reports suspicious events and malicious code.
  • Sucuri Firewall - Settings visibility, audit logs, IP blocklisting, and cache.
  • Website Hardening - Offers multiple options to increase the security of the website.
  • Failed Logins - Shows failed login attempts, successful logins and online users.
  • Post Hack Tools - Offers multiple tools to react after a suspected hack.
  • Settings - Offers multiple settings to configure the functionality of the plugin.
  • Cache control headers - Offers multiple options to configure the cache control header.

Upgrade notice:

1.8.37
This version removes the API communication service dependency on https://wordpress.sucuri.net/api/, because this service has been discontinued until further notice. Users who have their own custom APIs to use in place of https://wordpress.sucuri.net/api/ can still use the API communication service by adding the API endpoint as SUCURISCAN_API_URL in the wp-config.php file.

1.8.19
This version adds an option to refresh the malware scan results on demand, as well as several small bug fixes and improvements.

FAQ:

What is the security activity auditing?

More information on the Sucuri Security WordPress plugin can be found in our Knowledge Base. One of the standout features of our WordPress plugin is the comprehensive audit logging system. At Sucuri, we recognize that every change within your application can be a potential security event. From user logins to content modifications, our audit logs are designed to capture all security-related activities on your site. These logs provide you with crucial visibility into your website's operations, answering key questions such as:

  • Who logged in? Understanding who accesses your site is fundamental to ensuring that only authorized users are logging in. This helps in identifying any unauthorized access attempts, allowing you to respond swiftly to potential security breaches.
  • What changes were made? Tracking changes is essential for maintaining your site's integrity and security. By knowing what modifications have been made, you can quickly pinpoint any suspicious activities or errors that need attention.
With the release of version 1.9.6, we've enhanced this feature, allowing you to filter audit logs by event types and dates. This improvement offers you even greater insight into your site's activities, enabling proactive security management.

What is the file integrity monitoring?

Security File Integrity Monitoring has been fundamental to the world of security. It's the act of comparing a known good with the current state. If the current state differs from the known good, you know you have a problem. This is the basis of a lot of host intrusion detection systems. We have built that into this plugin. It will create a known good the minute the plugin is installed. This will be of all the directories at the root of the install, including plugins, themes and core files.

What is remote malware scanning?

Once this plugin is installed and activated, we automatically scan your site searching for known malware, viruses, blacklisting status, website errors, out-of-date software, and malicious code. We access your site just like a regular visitor would as this helps us catch threats that try to stay hidden from bots or search engines. This feature is powered by our free website security scanner – SiteCheck.

What is the blocklist monitoring?

Another very interesting feature of the website Security Malware Scanner is that it checks various blocklist engines, including the following:

  • Sucuri Labs
  • Google Safe Browsing
  • Norton
  • AVG
  • Phish Tank
  • ESET
  • McAfee Site Advisor
  • Yandex
  • SpamHaus
  • Bitdefender
These are some of the largest blocklisting entities, each having the ability to directly impact your brand's online reputation. By synchronizing with their environments we're able to tell you whether any of them are negatively flagging your website with a security related issue. If they do, then via our website security product, we're able to help you get off of the security blocklist.

What is effective security hardening?

Our team cleans thousands of websites every day, giving us deep insight into the most effective ways to protect WordPress sites. We've used that experience to create a list of actionable recommendations available in the Hardening & Prevention section of this plugin. To name a few (note that this will depend on your environment), these actions are:

  • Enable Website Firewall Protection
  • Remove WordPress Version
  • Block PHP Files in Uploads, wp-content and wp-includes directories.
  • Verify default admin account.
  • Disable Plugin and Theme Editor.
  • Automatic Secret Keys Updater.

What are the post-hack security actions?

Even with the strongest security measures, no site is 100% safe from hacking. When a compromise occurs, the Post-Hack section of our plugin guides you through four critical steps to help you regain control of your site:

  • Update Secret Keys.
  • Reset User Passwords.
  • Reset Installed Plugins.
  • Update Plugin and Themes.
These steps are designed to help you recover faster after a security incident.

What are the security notifications?

Security features only matter if you know when something's wrong. That's why we included a set of customizable security alerts inside our Settings > Alerts section. You can also customize how frequently you want to be alerted of security-related events.

What is the website firewall (premium)?

This is by far the coolest security feature Sucuri has to offer everyday website owners. It's an enterprise grade Website Firewall designed to give you the best security protection any website can hope for. It protects your website from a variety of website attacks, including:

  • Denial of Service (DOS / DDOS) Attacks.
  • Exploitation of Software Vulnerabilities.
  • Zero Day Disclosure Patches.
  • Brute Force Attacks against your Access Control Mechanisms.
This is coupled with a number of features like:
  • Performance Optimization.
  • Advanced Access Control Features.
  • Failover and Redundancy.
This is not included as a free option of the plugin, but is integrated so that if purchased you are able to activate it. If you prefer to leverage the Sucuri Firewall product by itself, you have the option to operate the Website Firewall WordPress Security plugin in standalone mode.

The Sucuri WordPress Security plugin is built by the team that is known for their proactive approach to security. It is built using intelligence gathered from thousands upon thousands of remediation cases, millions of unique domain scans and tens of millions of website security attack blocks.

What does this plugin do that other security plugins don't do?

Our expertise has given us deep insight into what truly helps prevent security incidents, and we've cooked that knowledge directly into this plugin. To give you a sense of what this security plugin offers, here are some of its most powerful features:

  • WordPress core, PHP, plugins and themes vulnerability scanners.
  • Firewall Management.
  • Events Reporting (auditlogs).
  • Headers Management.
  • Hardening & Prevention.
  • Post-Hack Actions.
  • Last Logins.
  • And there's more!
And while other security plugins may offer similar features, few deliver them as effectively as we do. Ask around! :)

If I install the Sucuri Security plugin do I get a Sucuri account?

No, this is a free plugin that we offer at no charge. It does not mean you get a free account.

If I have the premium plugin, do I need the free plugin?

Both the premium and the free version share the same codebase. However, this plugin has a few extra features that are only unlocked when you have a WAF account. Some of these features include:

  • WordPress Core vulnerability scanning.
  • PHP vulnerability scanning.
  • Plugin vulnerability scanning.
  • Themes vulnerability scanning.
  • A beautiful dark theme!
To unlock these features you must go to Firewall Management and input a correct Sucuri Firewall API Key. In the Sucuri Dashboard you can find this key by going to the Sucuri WAF dashboard > API > API Key (for plugin).

Do I still need Sucuri's products if I have this plugin?

Yes. This plugin complements your existing security toolsets. It is not designed to replace the Sucuri Website Security or Firewall products.

Do the logs get stored to my database?

No, they do not.

Are there any issues installing your plugin with any hosts?

Not that we are aware of.

Do I need this plugin to use the Website Firewall service?

No, it is not required. The Website Firewall runs in the cloud without the need of anything installed. We recommend installing this plugin to see your firewall configuration and manage it from your WordPress dashboard.

What information does Sucuri collect?

We take your privacy seriously. For free plugin users without an API key, no information is collected by Sucuri. After activating an API key, Sucuri will store some information, such as logs. Please see our Terms of Service and Privacy Policy. Please email gdpr@sucuri.net if you have other questions about your privacy.

How do I configure the Cache-Control header?

Go to the Headers Management page and enable Cache-Control header by selecting a mode according to your website's need and click on submit. You can also activate the Cache-Control header by updating the cache header fields in one of the page types by using the "Edit" button in the table rows. Please remember to enable site caching on your WAF to use these settings. If you are a Sucuri client and require assistance, please create a ticket and reach out to the firewall team for support.

How do I configure the CORS headers?

To enable CORS headers please visit the Headers Management page. For the time being, we only support "Report-Only" as these headers can break your site.

How do I configure the Content Security Policy (CSP) header?

To enable CSP (Content Security Policy) headers please visit the Headers Management page.

Where do I get support for this plugin?

The best place is to engage us via the Support Forum. If you are a client, you can submit a ticket here.
