I will tell you my story from how i stumbled with Sucuri and my experience using it. Last Time My Bing Advertising Account is suddenly suspended. I really shocked and Ask with the Bing Support, what happened. They said that this website (buythiz.com) has infected by malware and blacklisted by several search engine
My website is made from WordPress and when I check my dashboard I can see some of my post is missing and new post from nowhere come up. In my opinion it is because I use outdated and old Themes and plugin.
So a little advice for WordPress user. Make sure to use updated themes and Plugin to protect your website for attack. Outdated themes and plugin will make your website vulnerable.
Then I ask my hosting to clean my malware. But unfortunately they cannot, because simply they don’t provide the service. And they recommend me the service called Sitelock
Luckily I always check the product on the internet before I buy it. Try to google “sitelock review” and you will find pissed user review like this one
From the review I can say that it is better to avoid them. Also my friend experience the problem like me where some of his post is disappearing and his website is messed. After using Sitelock it is still the same. So I look for another alternative I checked for free security WordPress plugin
And found some candidates like Sucuri, Ithemes Security, Acunetix, Wordfence, Anti-Malware Security and Brute-Force Firewall
But all of the Free Version of the plugin cannot remove the malware on my site, most of them is for malware scanning & Fixing vulnerabilities. So I thought I must get the premium version, but which one is the best.
I took time for researching and found that sucuri website antivirus is the one that can solve my problem
At First I was skeptical what if Sucuri cannot clean my malware and remove my blacklisting, I ask for the support, and the response is pretty fast. And they say
If for any reason we can't clean your website or if your website is clean, and we do not detect or remove any malware, you can request a refund within 30 days. But that is unlikely to happen since we can clean any malware from any website. That is why we guarantee our work:
My Experience Using Sucuri Web Antivirus
With that iron clad guarantee I had nothing to lose, so I dove in and purchased the Basic Plan. I added my website and then made a malware removal request. Please note that the malware removal process is not done automatically. You must make a support ticket and provide a user account to connect to your server either ((FTP/SFTP/SSH). Your cpanel account is fine too. You can ask your hosting provider if you don’t understand.
In case you feel unsecure to give Sucuri your CPanel Account.
Here is how to create your FTP Account for Sucuri:
- Login to your Cpanel Hosting
- Find the menu FTP Manager/Account.
- And then create the user account & Password. Set The Directory to the root directory of your website
- Give that credential info when you create Sucuri malware removal request support ticket.
Here is how the malware removal request looks.
After I submit my request, in around 2 – 4 hours, they already found the malware.
As you can see the malware came from my outdated WordPress theme. That’s why if you are a WordPress user, make sure you always update your theme/plugin.
And then they also hardening my WordPress file so it won’t be vulnerable to attack again. They also submit my website to Norton for Blacklist Review. Norton averages a few days to review and de-list once a website is submitted
And so my problem solved and my Bing Account reactivated again. If you want to check your site health for free, you can go to FREE Sucuri Site Checker
Although the scan is not deep, it is free. With this scanner you can check your website for known malware, blacklisting status, website errors, and out-of-date software.
What is Sucuri?
Sucuri is a complete website security to monitor, clean and protect any website from malware, blacklists, phishing, infections, defacements, SEO spam, DDOS , Brute force attack and more.
Sucuri also compatible with many of CMS Platform like WordPress, Joomla, Magento, Drupal, PHP BB, Microsoft .Net and V Bulletin.
There are 2 Main Paid Services that sucuri provides. They are Website antivirus and Firewall. We will take a closer look at both of them.
Sucuri Firewall (CloudProxy)
It is a Cloud-Based Protective Layer which does not require you to install anything to activate it. With few changes of your DNS Record, Sucuri Firewall will protect your site from many attack and issues that webmasters face every day such as
- DDOS Attack
- Brute force Attack
- Malicious bots
- SQL Injections, XSS, RCE, RFU and all known-attacks
Plus the service will do Virtual patching and hardening to improve your security, and also it helps prevent your website from Reinfection in the future.
The process goes like this: All of your website traffic will be redirected to the firewall, so it can filter malicious traffic and filtering only good traffic to your site.
When you enable this firewall, your website also benefits from better performance and speed because of sucuri caching, acceleration and anycast CDN, which is included in their service. Look at my Stat here at GTMetrix when I enabled my Cloud Proxy Firewall. GTMetrix is a website to analyze Site Speed.
( Note : the image below is the status on 2016. But now i moved my website to wordpress.com business plan , so there will be a difference )
I Got Score A & B for Page Speed With Loading Time 2.2s ( Result may different from time to time ). Previously, I Got Grade D & C with Loading Time between 3.5 and 4.5 s (Sorry I don’t get screenshot my site before I enable my firewall). As you can my site performance is really improved with Sucuri firewall.
Here is how the Firewall Settings Look
From the screenshot, you can see the Firewall can also help you
- Restrict your website admin panel like (we-admin) to only whitelisted ip address
- Block XSS and Clickjacking Attack by adding additional security header
- Prevent Anyone to upload PHP , Perl or executable file to your server (Unless your website allow user to upload ) , Whitelisted ip address still can upload
- Block Repeat Attacker with Advanced Intrusion Detection
- Block Anonymous Proxies And top 3 Attack Countries (China, Russia and Turkey )
- Protect Certain Page with Passcode or 2 Factor Authentication
- Block Certain Countries to Access your website , you can block it completely or set the selected country to be able to read only and they cannot login , sign up or post anything
- Prevent Firewall Bypass as an additional Security
From here I can conclude that sucuri firewall has a lot of great features for your website protection
The Firewall is only for Attack prevention & Protection. And If your website has already been hacked, attacked, has infected by malware and you want to clean it up, you will need Website Antivirus Service.
Sucuri Website Antivirus
This is the complete security service which allows you to clean and fix
- Your Hacked Website
- Malware Infection
- Phishing files
- Malicious Redirects
- Pharma Hack
- SEO Spam Injection
Please note the time needed to clean up and fix your website varies. It depends on your website’s complexity. In my case it only took 1 day
Website Antivirus also
- Include free Firewall products which I have already explain above.
- Allow you to monitor and scan your website security continuously. Also you can monitor Content, DNS, and SSL & Whois change. You also can get the report sent to your mail either weekly or monthly. Here is the Monitoring screenshot.
- Provide Unlimited Cleanup on Unlimited pages in case you got attacked again (IMPORTANT ONE)
- Enable Trust Seal to make your visitor feel safe to visit your website. Just copy paste the code on your website and you’re good to go
Sucuri Price, Guarantee & What Plan is best for me
Succuri Website Antivirus & Firewall comes in 3 Plans: Basic, Pro & Business
The Main Difference between all 3 plans is
|Website Type||For Blog||For E Commerce||For Business|
|Malware Removal & Clean up||12 Hour Response||6 Hour Response||4 Hour Response|
|DDOS Protection||Layer 7 Only||Layer 7 Only||Layer 3,4,7|
|Advanced Load Balancing/Failover||–||–||24/7|
|SSL Support||LetsEncrypt Cert||HTTP/HTTPS
Comodo or Custom Cert
Comodo or Custom Cert
|Continuous Malware & Hack Scanning
Brand Reputation & Black List Monitoring
|Every 12 Hours||Every 6 Hours||Every 30 Minutes|
|Customer Support||Ticket||Ticket||Instant Chat + Ticket|
|Website Antivirus Price
( FIREWALL INCLUDED )
Billed Annually at $ 199.99
Billed Annually $ 299.99
Billed Annually at $ 499.99
|Sucuri FIREWALL Only Price||$ 9.99/Month/Site||$ 19.98/Month/Site||$ 69.93/Month/Site|
Advanced Load Balancing/Failover Feature allows you to setup multiple IPs in CloudProxy, so if one of your web servers fail, CloudProxy can automatically start pulling data from the backup IP that is still working.
What is layer 3, 4, 7 on DDOS Protection? Layer 3 and 4 effectively involve attacking the protocol methods and routing, eg TCP or IPX. Layer 7 is an application layer attack, so for example it would involve sending many requests that make PHP execute on the web server and overloading the server at the PHP level.
If your website has https Protocol, you will need the pro/business plan. Basic Plan just only supports Free LetsEncrypt SSL Cert and you cannot upload your own SSL certificate to the CloudProxy servers. So if your website is just an ordinary blog or website, Basic Plan is more than enough.
I recommend you buy the Website Antivirus Plan as it includes the sucuri firewall since you don’t know what kind of malware, malicious bot/script that has already planted on your website, and if you just let it happen it will make big trouble in your future.
For my case because I didn’t install the sucuri antivirus previously, my website was infected by malware and caused my Bing account, which I use for my affiliate marketing, to be locked down for around 10 days (the cleanup process is quick just 1 day, but the Bing’s process to check & reinstate my account took a few days), and it means I lose my profit during these 10 days. That’s really painful.
Another painful story because I don’t purchase Sucuri before, is my website sometime got full disk space usage because of malware that generates junk files that fill up my empty space. It happens once in 1 – 2 month , I sometimes get banned by my hosting because of this issue , believe me it really make me upset , wasting my precious time to just clean up the malware .
Believe me, don’t hesitate to buy sucuri website antivirus, before you experience trouble like me or bigger in the future.The price might be little expensive since you will be billed annually, but it is a steal compared to the service you will get.
Important Note when you want to buy Sucuri
- IF your website is already attacked/infected/blacklisted/hacked , you need to purchase the Sucuri Website Antivirus Plan , The Sucuri Firewall is only for Attack Prevention & Protection only
- 1 Website Antivirus License is for Per Site and Per Subdomain. For example you have 2 different site for example ABC.com and XYZ.com you need to purchase 2 License.
If you have Subdomain you also need different license.For example you have ABC.com and Subdomain Forum.ABC.com.
You need to purchase 2 License to protect both of them
However 1 license can protect all subdirectors at the root of the site for example site.com/yoursubdirectories
- However 1 License of CloudProxy Firewall plan will cover the main domain and all subdomains (as long as they are hosted on the same IP as the main domain)
- Sucuri Firewall have monthly payment while the antivirus only has annual payment
- For Website Antivirus there are full 30 days money back guarantee if they cannot clean your malware. While the firewall can be refunded as long it is within 30 days from the purchase
When you buy it, you will be creating a sucuri account which is your Simple & Easy way to use admin dashboard, and you can start monitoring/clean up/protect your website instantly. No need to wait, And Don’t forget to open malware removal ticket manually, as it cannot be done automatically.
Verdict & Conclusion
I truly recommend anyone to get Sucuri Website Antivirus. I’ve bought it and tried it and it really solves my problems. In my opinion, just with this service, you don’t need to install any other security software/plugin.
Sucuri Website Antivirus does include the firewall to protect and give better speed and performance to your website.
Their support response is awesome and there is a 30-Day iron clad money back guarantee so there is nothing lose.
- Can Improve your Website Speed & Performance with Sucuri Firewall and CDN
- Easy to use and understand dashboard admin
- No Need to install anything on your server
- Provide unlimited cleanup, continuous monitoring and great protection for your website. no need to install another security plugin
- Quick & Responsive Support
- 30-Day Iron Clad Money Back Guarantee if they failed to clean your website
- Competitive Price but Great Service & Feature
- Might need a bit technical site on your side to provide your hosting account/FTP Account. But it is very easy to do , you can ask from your hosting provider if you don’t understand