Home WordPress Security How To Install And Set Up Sucuri Security WordPress Plugin

How To Install And Set Up Sucuri Security WordPress Plugin

How To Install And Set Up Sucuri Security WordPress Plugin

WordPress is one of the most powerful, popular, and customizable platforms in the world, like any other CMS on the internet. WordPress is a delightful target for hackers, to keep the bad boys out and gain peace of mind you will need to install a security plugin on your WP site! Sucuri Security is a free plugin designed to protect your WordPress installation from malware, known exploits, and intrusion attempts.

Follow these steps to install the best WordPress security plugin Sucuri Security to add strength to your WordPress installation.

Log in into your WordPress administration dashboard and, from the sidebar, click on Plugins > Add New. Search for Sucuri Security and install it, then activate the plugin.

Install plugin

Once the plugin is activated, you’ll see a new Sucuri Security entry in your Dashboard sidebar.

Plugin menu

Go to Sucuri Security > Dashboard and click the button that says Generate API Key to activate Sucuri’s event monitoring feature. This gives you a unique key with which to validate your website upon the remote Sucuri WordPress API service.

Generate API key

Make sure to understand the notes regarding API support before you click the Submit button.

API generation

Once Sucuri Security is active, you should start receiving email warnings of major events. These include a user authenticating, or failing to authenticate when a file is uploaded, a post or page published, etc.

The Sucuri Security dashboard

The Sucuri Security dashboard presents a complete report of your WordPress integrity. You’ll be informed if your core WordPress files have been changed (possibly, but not always indicating a security issue). You can analyze modified files, check blacklisting reports, and examine audit logs.

SEE ALSO  Scan WordPress For Malware Using Anti-Malware Security And Brute Force Firewall

To refresh the report on screen, click on the Review button.



A premium version of the plugin carries a robust web application firewall (WAF) that defends your website from attacks and blocking malware infections and reinfections. It will block SQL injection attempts, brute force attacks, XSS, RFI, backdoors, and many other menaces.

Select Sucuri Security > Firewall (WAF) and enter your Firewall API key to unlock the feature for configuration.


Review security logs and blocked users

Sucuri Security supports automated blocking of users based on their activity. For instance, if a user (or a bot) frequently attempted to log in to your WordPress administration dashboard using randomly generated usernames (or your site name), the plugin could recognize this suspicious activity and block the IP address.

Blocked users

You can review login attempts and blocked users via Sucuri Security > Last Logins. If you notice that the plugin has mistakenly blocked a user, go to the Blocked Users tab to review and unblock user access. You can also review Failed logins, currently Logged-in users.

Go ahead and visit the plugin Settings page to configure Sucuri Security, including alerts, security hardening options, file system scanner paths, and other features.

Alternative installation via file manager & FTP clients

Whilst installing the plugin via the WordPress administration dashboard is the simplest method of activating Sucuri Security, you may choose to do so within the cPanel File Manager.

First, download the Sucuri Security installation file from the WordPress Plugin repository.

Download plugin

Next, log in to your HostPapa Dashboard and choose My cPanel.

SEE ALSO  Best Fully Managed WordPress Hosting

My cPanel Menu

Now select File Manager.


Go to your WordPress plugins folder using the folder tree in the left sidebar. Head on to: /path/to/wordpress/wp-content/plugins

cPanel File Manager

Click Upload in the top menu and then click Select File to find your downloaded Sucuri Security zip file.

Upload button

Upload the file to your server. Once finished, return to the plugins folder and then right-click the uploaded file. Right-click and select Extract in the context menu that appears, to unpack the file.


Once extracted, you can go ahead and delete the Sucuri Security zip file.

Go back to your WordPress administration Dashboard and navigate to the Plugins section by the sidebar. Select Installed Plugins.

installed plugins

You’ll see Sucuri Security – Auditing, Malware Scanner and Hardening in the list of installed plugins, click Activate to proceed.

You can as well install the plugin using the downloaded zip file and an FTP client (FileZilla), instead of using the cPanel File Manager. Make sure to upload the file to your WordPress plugins folder and extract the archive before trying to activate it in the WordPress administration Dashboard.