Siempre que nos preguntan sobre consejos de seguridad para WordPress, dos de nuestras principales recomendaciones son conseguir una buena solución de copia de seguridad de WordPress y empezar a utilizar el cortafuegos de sitios web Sucuri.
En WPBeginner, hemos probado innumerables soluciones de seguridad, y el cortafuegos de sitios web que utilizamos durante muchos años en nuestro propio sitio es Sucuri. Hemos comprobado que bloquea de forma consistente ataques malintencionados, malware y otras amenazas online.
En este artículo, compartiremos nuestra honesta reseña del cortafuegos para sitios web de Sucuri y daremos estadísticas específicas y ejemplos de cómo nos mantuvo seguros. En nuestra experiencia, vale la pena cada centavo para los propietarios de sitios web que priorizan la seguridad.
Divulgación completa: No nos pagaron para escribir esta reseña de Sucuri y sólo recomendamos servicios que creemos que agregarán valor a nuestros lectores. Si usted decide utilizar Sucuri haciendo clic en un enlace de referencia en este artículo, entonces vamos a obtener una pequeña comisión.
He aquí un breve resumen de los temas que trataremos en este artículo:
Un poco de información sobre la seguridad de WPBeginner
WPBeginner es uno de los mayores sitios de recursos gratuitos de WordPress del planeta. Debido a eso, a menudo tenemos que lidiar con ataques a sitios web. Estos incluyen ataques de fuerza bruta, ataques de alimentación, DDoS, y un montón de spam.
Por eso siempre hemos sido extremadamente precavidos, y disponemos de una solución de copia de seguridad de WordPress en tiempo real.
Además, hemos protegido con contraseña nuestro directorio wp-admin, desactivado la ejecución de PHP, cambiado el prefijo predeterminado de la base de datos de WordPress y, básicamente, hemos seguido todos los demás trucos de refuerzo de la seguridad.
Aunque se pueden seguir todas las mejores prácticas de prevención a nivel del software de WordPress, lo cierto es que la seguridad debe abordarse a nivel del servidor de alojamiento y, lo que es más importante, a nivel de DNS.
Durante los ataques, nuestro sitio web se ralentizaba considerablemente debido a la elevada carga del servidor. A veces, incluso provocaba que el servidor se reiniciara causando tiempo de inactividad.
Fue entonces cuando empezamos a buscar una solución de cortafuegos a nivel de DNS.
Ya teníamos el plugin Sucuri WordPress instalado en el sitio, así que decidimos probar su cortafuegos.
Veamos brevemente las ventajas de un cortafuegos y cómo nos ayudó Sucuri.
Nota: Aunque ahora hemos cambiado a Cloudflare, seguimos recomendando Sucuri para los usuarios de WordPress. Puede obtener más información al respecto más adelante en este artículo.
Visión general de Sucuri
Sucuri es una empresa de seguridad de sitios web especializada en la seguridad de WordPress. Protegen tu sitio web de hackers, malware, DDoS y otros ataques.
Cuando habilitas Sucuri, todo el tráfico de tu sitio pasa a través de su firewall proxy en la nube antes de llegar a tu servidor de alojamiento. Esto les permite bloquear todos los ataques y solo enviarte visitantes legítimos.
Basta con ver la siguiente ilustración:
El mayor beneficio de Sucuri es que hace que su sitio web sea seguro. El cortafuegos también hace que su sitio web sea más rápido, y usted ahorra dinero en su factura de alojamiento porque la carga de su servidor se reduce significativamente.
Tan pronto como activamos el firewall Sucuri, empezamos a ver la diferencia en el rendimiento. La visión general de los ataques en el panel de Sucuri nos abrió los ojos.
Resultados del Firewall Sucuri de WPBeginner
En los tres primeros meses de uso del cortafuegos, Sucuri nos ayudó a bloquear más de 450.000 ataques a WordPress.
He aquí un desglose de algunas de las solicitudes más bloqueadas:
- Exploit bloqueado mediante parches virtuales (115.946 intentos bloqueados)
- Dirección IP en la lista negra (72.495 intentos bloqueados)
- Acceso denegado a bots malintencionados (45.299 intentos bloqueados)
- Localización de puerta trasera denegada (29.690 intentos bloqueados)
- Intento DDOS bloqueado (29.676 intentos bloqueados)
- Acceso de bots falsos (24.571 intentos bloqueados)
- Intento de evasión denegado (21.887 intentos bloqueados)
- Solicitud de spam bloqueada (14.313 intentos bloqueados)
- Herramienta de exploración bloqueada (13.842 intentos bloqueados)
Ahora, la mayoría de ustedes probablemente están pensando que WPBeginner es un sitio enorme, y es por eso que somos un objetivo más grande. Pero esto no es del todo cierto.
Los sitios más pequeños suelen ser un blanco más fácil para los piratas informáticos porque no toman precauciones de seguridad. Su sitio web puede estar siendo atacado en este mismo momento, pero usted no lo sabe.
Lamentablemente, la mayoría de la gente se entera demasiado tarde cuando ya ha sido hackeada. Por eso nuestros artículos sobre cómo encontrar una puerta trasera en un sitio WordPress hac keado y cómo solucionar el error ‘este sitio contiene programas dañinos’ están entre los más populares de WPBeginner.
Si tiene un sitio web empresarial, Sucuri es una solución imprescindible, ya que ofrece seguridad completa de extremo a extremo para WordPress.
5 razones por las que nos encanta Sucuri
Después de leer sobre nuestras experiencias con Sucuri, usted puede saber por qué nos encanta. Aquí tienes 5 razones por las que lo recomendamos encarecidamente.
1. Bloquea todos los ataques
El cortafuegos de Sucuri bloqueó todos los ataques incluso antes de que tocaran nuestro servidor. Al ser una de las principales empresas de seguridad, Sucuri investiga de forma proactiva e informa de posibles problemas de seguridad al equipo central de WordPress, así como a plugins de terceros.
Su equipo trabaja en estrecha colaboración con los respectivos desarrolladores para solucionar los problemas de seguridad. Una vez corregidos, Sucuri parchea esas vulnerabilidades a nivel de firewall en caso de que no hayas tenido la oportunidad de actualizar tu plugin lo suficientemente rápido.
Por ejemplo, cuando se reveló que Elegant Themes tenía una vulnerabilidad, se parcheó rápidamente en los servidores de Sucuri antes de que los usuarios tuvieran la oportunidad de actualizar sus plugins y temas. Esto significa que su sitio está siempre seguro.
2. Supervisión de la integridad del sitio web
Estábamos usando el paquete Sucuri 2-en-1 Website AntiVirus, que viene con el escáner Sucuri. Monitorizaba nuestro sitio web cada 3 horas para asegurarse de que estaba limpio de malware, JavaScript malicioso, iframes maliciosos, redirecciones sospechosas, inyecciones de enlaces spam y más.
El escáner también se aseguró de que nuestro sitio no estuviera en la lista negra de ninguno de los servicios populares como Google, Norton, AVG, Phishtank, Opera y otros.
Esta función le ayuda a mantener su reputación intacta y evita que sus usuarios vean advertencias como éstas:
3. Registro de auditoría del sitio
El plugin de Sucuri para WordPress realiza un seguimiento de todo lo que sucede en su sitio.
Esto incluye cambios en los archivos, nuevas publicaciones, nuevos usuarios, últimos inicios de sesión, intentos fallidos de inicio de sesión, etc.
4. Escaneado del lado del servidor
Cuando se trata de hackers inteligentes, hay que tenerlo todo en cuenta. A algunos hackers no les importa infectar a tus usuarios con malware. Tal vez sólo quieren añadir banners publicitarios en tu antiguo post o reemplazar tus enlaces de afiliados.
Este tipo de hacks son muy difíciles de detectar porque no son tan obvios, y no te pondrán en la lista negra por ellos.
Ahí es cuando el escáner del lado del servidor es útil. El escáner del lado del servidor de Sucuri revisa todos los archivos (incluso los que no son de WordPress) para asegurarse de que no haya nada sospechoso en su servidor.
También audita eventos como cambios de archivos y demás para mantenerte informado.
5. Servicio de limpieza de malware
Aunque todas las razones anteriores bien justifican el coste, Sucuri también ofrece un servicio de limpieza de malware sin límites de páginas, junto con la eliminación de listas negras. Todavía no hemos tenido que utilizar esta parte del servicio, pero ¿te imaginas tener a expertos en seguridad limpiando tu sitio?
Por término medio, los expertos en seguridad cobran 250 dólares por hora de consultoría.
Dado que esto puede llegar a ser bastante caro, Sucuri tiene un incentivo adicional para asegurarse de que su sitio web nunca sea hackeado.
Pro Tip: Si tu sitio fue hackeado y no estabas usando Sucuri, entonces echa un vistazo a los Servicios Profesionales de WPBeginner. Nuestro equipo de expertos limpiará el código malicioso, archivos y malware para asegurarse de que sus datos sensibles están a salvo. Los precios comienzan en $ 249.
Por qué WPBeginner dejó de usar Sucuri
En WPBeginner, hemos utilizado Sucuri como nuestro firewall, seguridad y solución CDN durante muchos años. Aunque todavía creemos que es una gran solución, recientemente hemos cambiado a Cloudflare.
Cloudflare es líder del sector en CDN y seguridad de sitios web. Ha crecido increíblemente a lo largo de los años.
Como puede que te interese saber por qué hicimos el cambio, escribimos un artículo detallado sobre las razones por las que cambiamos de Sucuri a Cloudflare.
En resumen, cambiamos debido a la CDN más rápida de Cloudflare. Como WPBeginner tiene usuarios de todo el mundo, el cambio mejoró nuestra latencia, el tiempo de carga de la página y el rendimiento.
También descubrimos que Cloudflare tiene reglas de cortafuegos más configurables y menos interrupciones regionales, especialmente en Europa.
Sucuri y Cloudflare son dos grandes soluciones para la seguridad y el rendimiento de WordPress. Puedes saber cuál es mejor para tu negocio leyendo nuestra comparación detallada de Sucuri vs. CloudFlare (pros y contras).
Nuestros pensamientos finales – Revisión de Sucuri
Día tras día, escuchamos historias de sitios web hackeados. Podemos decir honestamente que Sucuri es sin duda uno de los mejores y más rentables servicios de seguridad en la industria de WordPress.
Por 199,99 $ al año, es el mejor seguro que puede comprar para su negocio en línea.
Si los sitios web gubernamentales pueden ser pirateados, el suyo también puede serlo, haga lo que haga. Sin embargo, es mucho mejor enterarse de que su sitio web ha sido pirateado a través de un servicio de vigilancia que a través de sus usuarios o, peor aún, cuando Google lo incluya en una lista negra.
Y lo que es más importante, sin duda merece la pena la tranquilidad de saber que, si ocurriera algo, contaría con un equipo de expertos en seguridad que le ayudarán a limpiarlo todo adecuadamente.
Sucuri es una empresa líder en seguridad cuyos productos han sido mencionados en publicaciones importantes como CNN, USAToday, TechCrunch, TheNextWeb, y más. Nos hemos reunido personalmente con su cofundador y CEO, Tony Perez, y podemos decir honestamente que son una empresa de confianza.
Cada vez que interactuamos con el equipo de soporte de Sucuri, fueron rápidos, educados y serviciales.
Si tuviéramos que puntuar el servicio y soporte de Sucuri, les daríamos un 5 sobre 5.
Esperamos que nuestra reseña sobre Sucuri le haya sido útil. Si estás pensando en mejorar la seguridad de tu WordPress, entonces definitivamente echa un vistazo a Sucuri y pruébalo.
Guías de expertos sobre seguridad en WordPress
Esperamos que este artículo le haya ayudado a aprender acerca de la eficacia de las características de seguridad de Sucuri WAF. Puede que también quieras ver otras guías relacionadas con la seguridad de WordPress:
- Comparación de los mejores plugins cortafuegos para WordPress
- Revisión de Sucuri: ¿Es el plugin de seguridad de WordPress adecuado para usted?
- Wordfence vs Sucuri – ¿Cuál es mejor? (Comparación)
- Sucuri vs CloudFlare (Pros y Contras) – ¿Cuál es mejor?
- Cómo instalar y configurar la seguridad de Wordfence en WordPress
- Razones por las que WPBeginner cambió de Sucuri a Cloudflare
- Cómo proteger su sitio WordPress de los ataques de fuerza bruta
- Los mejores plugins de seguridad de WordPress para proteger su sitio (comparativa)
- La guía definitiva para la seguridad de WordPress (paso a paso)
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
Unarine Leo Netshifhefhe
I read some reviews on sucuri and it seems like the free version of it doesn’t help a website owner at all, so my question is did you use the free version or you just started with the premium version?this is because i don’t want to risk it and go for free version whereas i can find another security plugin which can offer me better security than sucuri
WPBeginner Support
Our review is for the paid service from Sucuri, at the moment the free plugin on WordPress.org is a scanner and not their firewall which would likely be why users are confused.
Administrador
Marissa
I just got Sucuri premium plan and wanted to know do I still need to install the Sucuri plugin on Wordpress or do they do everything through their site?
WPBeginner Support
We would recommend keeping and connecting their plugin currently
Administrador
Ariel
I have another question I just thought of: Sucuri also has backup service. Do you use that one at wpbeginner, or do you use another backup solution instead?. If that’s the case, which one, and why not the Sucuri one? Thanks!!
WPBeginner Support
For the time being, we are using VaultPress for our backups and Sucuri for our security. For what we use on our site, you would want to take a look at our blueprint page: https://www.wpbeginner.com/blueprint/
Administrador
Gautam Budhiraja
Whenever I click on any article on my website from my mobile, it redirects to spam page but not on laptop.Wpbeginner please help me out to remove hack or any malware.Should I install wordfence or sucuri to remove this and to prevent future attacks.
Thanks!
WPBeginner Support
As a starting point, you would want to take a look at our guide here: https://www.wpbeginner.com/plugins/how-to-scan-your-wordpress-site-for-potentially-malicious-code/
Administrador
Sanjib
So if I install sucuri, Do I still need wordfence
WPBeginner Support
If you’re using Sucuri’s firewall then normally you shouldn’t need an additional firewall as multiple plugins/tools for the same purpose can sometimes cause conflicts between the two.
Administrador
Ankit
Awesome article really helpful information.
Sucuri quiet expansive subscription plane but I know how to secure my website manually.
Overall article was greatest.
Thanks Dear
WPBeginner Support
Thank you, glad you liked our article
Administrador
MD Fahim
Awesome article really helpful information.
Sucuri quiet expansive subscription plane but I know how to secure my website manually.
Overall article was greatest.
Thanks wpbegainer
WPBeginner Support
You’re welcome, glad you liked our article
Administrador
Amit Mishra
Literally loveed your full review and will definitely try securi paid plan, as currently I am in free plan is it necessary to go with their paid plan?
Is free plan isn’t effective?
WPBeginner Support
Hi Amit,
The paid plan gives you access to their premium features like DNS level website firewall.
Administrador
Bill Patterson
What do you think of the free version of Securi? I am using wordfence, securi and Bulletproof. I know there must be some overlap. Just did not see any review using the free version.
WPBeginner Support
Hi Bill,
The free version of Sucuri helps you scan your WordPress website for security vulnerabilities. It is a solid plugin maintained by the top WordPress security company.
Administrador
Christoforos
I came across this article while searching on Google for wordpress security info.
I subscribed to their service. I admit that they are very helpful and they do know what they do… The problem is that because of their firewall my website was unreachable for more than 90 minutes. I have more than 40K visits per day, so 90 minutes offline is a lot of money lost!!!!!!!
Nothing is perfect!
Cody
I see in this article Sucuri and Wordfence are both firewall plugins so probably keep Sucuri and iThemes, correct?
https://www.wpbeginner.com/plugins/best-wordpress-firewall-plugins-compared/
I noticed you said that if you are using Sucuri and MaxCDN any CDN benifit you get from Sucuri is a bonus. If you point the nameservers at Sucuri would that not confuse MaxCDN of the host server location? Do you really have two CDN’s working at the same time?
Cody
I see you recommended Sucuri in combination with MaxCDN. Do you also have other security plugins enabled because Sucuri is that good? Currently I keep both iThemes Security and Wordfence Security enabled. Adding a third plugin seems like there might be many overlapping features. Can you comment on which combination you use on wpbeginner for a fast and secure site?
Thank you
WPBeginner Support
Hi Cody,
We use Sucuri for complete WordPress security. We also have many common best practices in place to improve security. Please see our complete WordPress security guide for more details.
Administrador
Bill
Sucuri, is in my opinion, the best computer-related investment I’ve made in my entire life. I’ve been with them several years and they are always there to help. I would say they have bent over backwards helping someone like myself who is not too computer-literate. I have a small cartoon site, and once had over 33K attacks in one day but my site was unaffected.
Note: Sucuri I believe does have a referral service where you can get a discount if you recommend someone. I have repeatedly emailed them and told them, I do not wish to participate in this referral program as their service is so amazing, I’ve recommended them to many others just to help others avoid heartache from hacking attacks.
The peace of mind that comes with a service such as this is immeasurable.
Finally, there is only one thing I absolutely despise about Sucuri, the name Sucuri. As someone who is terrified of snakes, Sucuri is Portuguese for anaconda. I’d much prefer rabbit, dog or another animal.
Brian
Thanks for your review. How concerning, in your opinion, is Go Daddy’s acquisition of Sucuri? I always feel like when a huge company acquires a smaller company, there’s a chance for quality and service to take a nosedive.
WPBeginner Support
Hi Brian,
It hasn’t taken a nose dive yet. And GoDaddy as a company has improved a lot in the recent years when it comes to their product quality.
Administrador
Dani
Does anyone have bad experience with securi. They would be the best according to them, But I only have problems with them. And is there a way that I can look how many people they employ (Chamber of Commerce). I will pay for it.
My english is not so good i’m from belgium and i speak dutch – I will also write it in Dutch.
-How it all started-
2 months ago I protected my domain name using securi firewall. Because securi told me they were the best I chosen them without a doubt.
3 days ago I contacted securi whit a support ticket. I asked them to delete my domain name, Because I bought another domain name, And I will not use the old domain name anymore. I want to use my new domain name with the securi firewal. They said no problem, just remove the securi name sever from your hosting Then you can delete it in your securi account. I do not know how to do that so my hosting company has removed the name server, And then I asked securi to put the new domain name into my securi account.
———————————————————–
SECURI Ticket update
Hi, in that instance you need to point the nameservers from your domain.be back to the ones that they were previous to ours. Otherwise, if we remove the domain from the firewall dashboard the domain.be site will show a Sucuri error message.
Once the nameservers are pointed away from us and the site is no longer resolving to our firewall IP, we can remove it from the dashboard and then you can add in the new domain.
By: Jarret C.
——————————————————————
SECURI Ticket update Ticket
Hi,
The old site has been removed and the new site has been added
Thanks,
Caleb
——————————————————————
I was happy I thought now I can upload my website and then its well protected, Because securi told me they were the best.
Now I wanted to login I filled in my email address and my password. but I automatically get redirected to (https://login.sucuri.net/login/2fa/)
and I get a error – Sucuri 2FA ( Invalid code. Please try again.) Ok no problem until i have tried it 20 times with 20 different codes.
I then sent an email to support@sucuri.net Because written on their website. And Because I want to log in to my securi account
Please email support@sucuri.net if you need to reset or disable your 2FA account.
re-opened.
day 1 – I did not get an answer to my email nothing So I called them 10 times (No one answers the phone) A bit angry but okay tomorrow I will try again.
day 2 – Sent an email again but this time 3 emails – No one answer my email So I called them 15 times (I do not get anyone on the phone) A bit angry but okay tomorrow I will try again pffff.
Day 3 – I thought I will call them a few times a few times (8 times) – (But no one answers the phone) But yes i got a mail from them.
————————————————————————————–
SECURI Ticket update Ticket
Hello,
It looks like you were able to remove domain.be because I don’t see any sites here at the moment: https://waf.sucuri.net/
You should be able to continue with adding new domain.be now, but let us know if you have any other issues.
– jon
————————————————————————————–
Pffff After 3 days I get an email whit no answer to my question and I still can not log in
So I sent securi an e-mail (again)
The namesaver has already been deleted 3 days ago by my hosting company. and the domain name deleted Successful from suciri. I want to use my new domain name
But that’s not the problem, and I say it again for clarity that’s not the problem.
(2FA) Code not working – I’ve always been able to log in whit (2FA) Code until 3 days ago. When a colleague of you changed things in my securi account After that, I could not log in again.
you can remove (2FA) Code So I can log in (disable 2FA account.
———————————————————————————————-
I received a message again, you should send an email to billing@sucuri.net. I have already emailed them 4 times.
——————————————————————————————————————–
Hi there,
Unfortunately we currently do not have phone support at this time. It also appears that the emails were going to the wrong mailbox.
I would be happy to help you with disabling the 2fa so you can log in to your account. But first, I need to authenticate you as the account owner. We do this by verifying with the billing information on file.
If PayPal – we need the PayPal account email / billing agreement ID
If Credit card:
Company Name – if any
Full name of the account holder
Last 4 digits of the credit card number used
Expiration date
Billing address
Looking forward to your reply.
Regards,
—————————————————————————-
I sent them all the information and wait and waiting no anser no mail no call nothing. I now pay for a securi firewall that I can not use
Sorry but I’m really angry people. So I sent them an angry mail.
I’m really frustrated I thought you were the best. But I really begin to doubt you.
I have been trying for 3 days now To call you Your line is supposedly occupied for 3 days okay
Really this is the last time I send an email to you Can you solve my problem If you can not, I would like a refund. Because I pay for something I can not use
Please disable my 2FA account. So I can log in
——————————————————————————–
Then I received a message
– This is the last message I received from Ryan securi –
Your IP address is being blocked for abuse. To continue correspondence, you can email support@sucuri.net. Have a great day!
– I have replay
Why I just want to be helped I’ve been waiting for 3 days now. No problem I will now post a review online with all the mails that I received from securi. please close my account. And give me a refund. Because you are not fair. have a nice day
Tony Perez
Hi Dani
Thank you for the feedback. I have since tried reaching out, have no had luck connecting. Please, if you can respond to tony@sucuri.net I’m sure we can work to get this resolved quickly.
Thanks in advance for your time.
Tony
AJ Clarke
Hey,
We are getting hit hard by SPAM bots located on Amazon AWS and Google Cloud. Do you know if Sucuri firewall can help with that? We currently use WPEngine which has a built-in firewall (not blocking anything) and CloudFlare (also not blocking the spam) we are running out of options and really hope Sucuri can help.
Editorial Staff
Hey AJ,
We use Sucuri because it helps us combat bot spam. I’m fairly certain that their service will fix that problem for you.
-Syed
Administrador
Ron
Do you find that the Sucuri firewall affects your server-based analytics?
WPBeginner Support
Hey Ron,
We don’t use server based analytics because Google analytics and other platforms are far more accurate
Administrador
John
If you already have Wordfence should you get this too?
Avinash
On sucuri’s product page related to there basic plan which is available for 9.99$ per month, they have also mentioned Performance Optimization and CDN. So is it something like they provide CDN services or they provide web security for websites using CDN services?
Can you please explain that if they provide CDN services, why should we go for a separate CDN provider?
WPBeginner Support
Please contact Sucuri support, they will be able to explain each plan what features it comes with.
Administrador
Connor Wright
I’ve had this for about 1 month and about 1 week ago it blocked 700k attacks and allowed 3m requests through (I own a web hosting company)
Johnathan
A very recent problem with our website is causing me to uninstall / re- install WordPress.
Multiple issues:
We had I guess what you would call “link injection” – Links showing up for our webite in Google that redirected to porn, viagra and such. I found that the htaccess has a a couple additional lines in it that allowed for these redirections.
I also found in “users” that there were hundreds of user acounts created.
Dashboard showed there were over 7K log in attemps.
I started off by trying to pick through everything and repair, but I am concerned that I wouldn’t find all the problems and this would just happen again.
I know the paid version of sucuri is recommended, but from the information I provided would you think the free versions will prevent these issues until I can justify the monthly cost to the owner of the company?
WPBeginner Support
The free version can check your website for infections or malware. But for removal and other features you will need the paid version.
Administrador
madan
Will this affect in search engines bot accessing website
WPBeginner Support
Nope.
Administrador
Martin Fuller
I am at a loss to understand why the makers of WordPress itself do not address this problem of protection and security
Ezeugwu Paschal
Website Security is a big deal entirely and not everybody is excellent at it. If the makers of Wordpress focus thoroughly on security, I bet you we will still be running WordPress version 1.2alpha. It’s better when another set of people takes one of the flaws as their major concern and try as much as possible to fix them.
Mary
Sucuri is awesome, They have helped me with my site. I’ve looked into other malware removal services and it’s expensive. For $199 a year, you get awesome support, an awesome firewall, awesome advice, and they will even remove the malware for you. If your site gets some good traffic, it’s important to secure your site.
simpson
can i use together free cloudflare service and sucuri?
David
First and obvious question — how does Sucuri compare to CloudFlare? CloudFlare’s basic plan is free, and does lots of the same things. Why should one switch to Sucuri at $200 a year from CloudFlare (free or $20 a month?)
Editorial Staff
You don’t get the web application firewall on Cloudflare free plan. Your site also don’t get much optimization on the free plan.
On their $20 / month plan, you do get WAF but that comes out to $240 / year. You also don’t get Advanced DDoS protection for which Cloudflare charges $200 / month (so $2400 / year).
On the other hand Sucuri gives you WAF + Advanced DDoS protection for $199 / year. And if you want DDoS protection on Layer, 3, 4, & 7 — that’ll be $499 vs CloudFlare’s $2400.
Aside from price comaprison, Cloudflare doesn’t offer malware cleanup guarantee that Sucuri includes as part of their service.
Administrador
GdiGesu
This is very helpful. Thanks.
shiva
Our website is an huge database and fully loaded with latest windows softwares
Our website traffic (hummans) : 5-10K & hits : 20-25K, we are worring same problem , what you said in post.
When i tried our website on cloudflare as plan 20$/month, If set security ” iunder attck mode” , we got blocked adsense for one day. we got mad, now i removed cloudflare , i added maxcdn & keycdn . it works okay not perfect for security purpose.
Compare to keycdn , maxcdn is excellent work for speed . Still im looking some thing perfect security for wordpress. we will try for this. and also i will post a review on securi in next month.
Ashu Xlon
Actually Cloudfare do not totally protect you in their free basic version.They consider all the sites same that’s why there is no specialized security for wordpress whereas wordpress has its own security issues and needed to patched separately.
Abhay
Thank for this article. This is much needed. Sucuri is also of great help in identifying the malware in the site and it’s root. One observation I have on Sucuri, even when there is a malware in the website (because of which the hosting service provider first blocks port 80 and then the website), Sucuri does not show any malware / risk in the website. That’s suprising.
Editorial Staff
If you’re using their free scanner tool on the website, then yes that won’t detect all malware specially the ones that are hidden inside your server.
However the server side scan will detect those.
Administrador