How to secure WordPress with a firewall using Sucuri
In yesterdays post we explored the importance of having a Web Application Firewall for your WordPress website, and then we walked you through how to secure WordPress with a firewall using Cloudflare. Today we are covering Sucuri. Sucuri has evolved into more than just a WordPress firewall as they are now covering all sorts of different platforms. They have gained credibility and respect in the industry for being leaders in the field for WordPress and website security.
Why Sucuri?
For clients that are security conscious and want an extra piece of mind that their website is protected, we always recommend and setup Sucuri. There are a huge range of WordPress specific security settings, as well as new performance enhancing features. For those wanting to use a CDN as well, they have Cloudflare compatibility out of the box and rumour has it they are launching their own CDN soon.
Perhaps the biggest feature that sets them apart from the competition is their Malware scanning, detection and removal service. Prevention is always better that the cure, and Sucuri is epic at preventing hacks, however in the unlikely event something makes it onto your server, the team at Sucuri will notify you, and you can request the malware be removed. Their turn around times in our experience have been super fast when we have recommended potential clients who approach us with hacked websites to Sucuri.
Using their firewall (CloudProxy) helps prevent individuals (or hackers) from infiltrating your site. It eliminates the option of direct access to your site by it’s IP address. CloudProxy will detect if the activity is suspicious and block accordingly. Using Sucuri is seamless, it serves your site whilst blocking unwanted malware, SQL injections. It can also improve the speed of your website by 50%.
Setting up Sucuri
Sucuri, is really easy to setup, and doesn’t involve lots of scary DNS changes for email etc. The DNS change they need you to make is quick and painless.
Here is an overview of the four steps for getting Sucuri rocking and rolling with your WordPress website:
- Sign up for Sucuri. ($199 “Website AntiVirus + Website Firewall (WAF)” package is great for most sites)
- After sign up, on the dashboard under “CloudProxy”, add the domain you wish to be protected
- Change your DNS A records to point to Sucuri *
- Review/configure your security settings
DNS*
Usually you control your domains DNS through the domain registrar you used. (For example, GoDaddy or Namecheap). In the control panel, navigate to their DNS section and update the “A Records” to those given you in the CloudProxy setup page. You should see instructions looking something like this:
Once the DNS has been altered it can take up to 24 hours to propagate. Once it has propagated, all traffic will go through their firewall. (Boom).
Security settings
There are a wide range of security settings you could apply. Default settings have been carefully thought out by the development team behind CloudProxy and they are enough to protect most sites. If you have access to IT resource within your company, we recommend you connect with them to see if there are any further settings you may wish to take advantage of.
As an example, we utilise:
- restriction on /wp-admin/ to whitelisted IP addresses (Called “Admin panel restricted to only Whitelisted IP addresses”)
- block on allowing unfiltered HTML code being posted to the site (Called: “Stop unfiltered HTML from being sent to your site”)
Support
You can always seek support from Sucuri direct, who have a ticketing system, or put your IT department in touch with them to “talk geek”.
What are your experiences with Sucuri? Any recommended settings? Share in the comments below.
If you need help getting setup, we offer a installation and configuration service. Get in touch for more information.