WordPress is one of the most powerful, popular, and customizable platforms in the world. Like any other CMS on the internet, it is an attractive target for hackers, so to keep them out and gain peace of mind you will want to install a security plugin on your WP site. Sucuri Security is a free plugin designed to protect your WordPress installation from malware, known exploits, and intrusion attempts.
Follow these steps to install the Sucuri Security plugin and strengthen your WordPress installation.
Log in to your WordPress administration dashboard and, from the sidebar, click on Plugins > Add New. Search for Sucuri Security and install it, then activate the plugin.
Once the plugin is activated, you’ll see a new Sucuri Security entry in your Dashboard sidebar.
Go to Sucuri Security > Dashboard and click the button that says Generate API Key to activate Sucuri’s event monitoring feature. This gives you a unique key used to validate your website with the remote Sucuri WordPress API service.
Make sure you understand the notes regarding API support before you click the Submit button.
Once Sucuri Security is active, you should start receiving email warnings of major events. These include a user authenticating or failing to authenticate, a file being uploaded, a post or page being published, etc.
The Sucuri Security dashboard
The Sucuri Security dashboard presents a complete report of your WordPress integrity. You’ll be informed if your core WordPress files have been changed (possibly, but not always, indicating a security issue). You can analyze modified files, check blacklisting reports, and examine audit logs.
To refresh the report on screen, click on the Review button.
Firewall
A premium version of the plugin includes a robust web application firewall (WAF) that defends your website from attacks and blocks malware infections and reinfections. It will block SQL injection attempts, brute force attacks, XSS, RFI, backdoors, and many other threats.
Select Sucuri Security > Firewall (WAF) and enter your Firewall API key to unlock the feature for configuration.
Review security logs and blocked users
Sucuri Security supports automated blocking of users based on their activity. For instance, if a user (or a bot) repeatedly attempts to log in to your WordPress administration dashboard using randomly generated usernames (or your site name), the plugin can recognize this suspicious activity and block the IP address.
You can review login attempts and blocked users via Sucuri Security > Last Logins. If you notice that the plugin has mistakenly blocked a user, go to the Blocked Users tab to review and unblock user access. You can also review Failed logins and currently Logged-in users.
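The kind of activity-based check described above can be sketched as follows. This is an added example, not Sucuri's code or algorithm; the event format, the thresholds and the sample data are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample login events: (timestamp, source IP, username tried, success)
EVENTS = [
    # Burst of guesses against many usernames from one address
    ("2024-05-01T10:00:00", "203.0.113.7", "admin", False),
    ("2024-05-01T10:00:05", "203.0.113.7", "administrator", False),
    ("2024-05-01T10:00:09", "203.0.113.7", "examplesite", False),
    ("2024-05-01T10:00:14", "203.0.113.7", "xk3q9a", False),
    ("2024-05-01T10:00:20", "203.0.113.7", "test", False),
    # Real user mistypes a password twice, then gets in
    ("2024-05-01T10:02:00", "198.51.100.20", "jane", False),
    ("2024-05-01T10:02:30", "198.51.100.20", "jane", False),
    ("2024-05-01T10:03:00", "198.51.100.20", "jane", True),
    # Slow guessing: five failures spread over four hours
    ("2024-05-01T08:00:00", "192.0.2.55", "admin", False),
    ("2024-05-01T09:00:00", "192.0.2.55", "editor", False),
    ("2024-05-01T10:00:00", "192.0.2.55", "root", False),
    ("2024-05-01T11:00:00", "192.0.2.55", "admin", False),
    ("2024-05-01T12:00:00", "192.0.2.55", "test", False),
]

def suspicious_ips(events, window=timedelta(minutes=5), min_failures=5, min_usernames=3):
    """Return {ip: (failures, distinct_usernames)} for IPs to consider blocking.

    The default thresholds are assumptions chosen for this example.
    """
    failures = defaultdict(list)
    for ts, ip, user, ok in events:
        if not ok:
            failures[ip].append((datetime.fromisoformat(ts), user))
    flagged = {}
    for ip, attempts in failures.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            # Slide the window start forward until it spans at most `window`
            while attempts[end][0] - attempts[start][0] > window:
                start += 1
            recent = attempts[start:end + 1]
            users = {u for _, u in recent}
            if len(recent) >= min_failures and len(users) >= min_usernames:
                flagged[ip] = (len(recent), len(users))
                break
    return flagged

if __name__ == "__main__":
    for ip, (count, users) in suspicious_ips(EVENTS).items():
        print(f"{ip}: {count} failed logins across {users} usernames")
```

With the default five-minute window only the burst is flagged; the user who mistyped a password and the slow guesser are not, which shows why the window and thresholds matter when you review blocked users.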
Go ahead and visit the plugin Settings page to configure Sucuri Security, including alerts, security hardening options, file system scanner paths, and other features.
Alternative installation via file manager & FTP clients
Whilst installing the plugin via the WordPress administration dashboard is the simplest method of activating Sucuri Security, you can also install it through the cPanel File Manager.
First, download the Sucuri Security installation file from the WordPress Plugin repository.
Next, log in to your HostPapa Dashboard and choose My cPanel.
Now select File Manager.
Go to your WordPress plugins folder using the folder tree in the left sidebar. Navigate to: /path/to/wordpress/wp-content/plugins
Click Upload in the top menu and then click Select File to find your downloaded Sucuri Security zip file.
Upload the file to your server. Once finished, return to the plugins folder, right-click the uploaded file, and select Extract in the context menu that appears to unpack it.
Once extracted, you can go ahead and delete the Sucuri Security zip file.
Go back to your WordPress administration Dashboard and navigate to the Plugins section from the sidebar. Select Installed Plugins.
You’ll see Sucuri Security – Auditing, Malware Scanner and Hardening in the list of installed plugins; click Activate to proceed.
You can also install the plugin using the downloaded zip file and an FTP client (such as FileZilla) instead of the cPanel File Manager. Make sure to upload the file to your WordPress plugins folder and extract the archive before trying to activate it in the WordPress administration Dashboard.