Complete Guide of Popular WordPress Security Plugin
Your Complete Guide To Use The Popular WordPress Security Plugin
Nowadays Sucuri is one of the most potent ways to make the internet safe for you and your family. The popularity of sucuri precedes its functionality. Additionally, it comes under the free security plugin in WordPress. In short! It is free for all. In this post, let’s dive deep into how the WordPress security plugin works. Plus how to easily get it on your website and leverage its features. Moreover, we will touch base on what you can expect from this security plugin.
So, here we go…
Installation And Activation
Sucuri WordPress security plugin is free for users. This security plugin works to add an extra layer of protection to your existing security. Thus, offering its users a set of security features which can help you to ease out. For example: –
- Activity Auditing
- File Integration and Monitoring
- Remote Scanning
- Blacklist Monitoring
- Security Hardening
- Post-Hack Security Actions
- Security Notification
- Website Firewall
Website Firewall is only recommended for full-spectrum malware protection as well as DDoS protection. In a complete security plan, you would get everything from backup, server-side detection as well as emergency response.
Let’s Install the WordPress Security Plugin
Sucuri scanner is available on the official WordPress.org plugin repository. In other words, it can be installed, then activated by any user with administrator rights. To install the sucuri scanner all you need is WordPress version 3.6 and above. Follow these steps to install the WordPress security plugin: –
- On WordPress dashboard, go to repository plugin > add new ( left side of the dashboard )
- Type Sucuri in the search box and press the enter key.
- Notice on the upper side of available plugin, you would be able to sucuri logo
- It would say Sucuri Security – auditing, malware scanner, and security hardening
- Click on the install
- Now click on Activate
Following these steps would take you to install the plugin page. Once installing and activating is completed, you will get complete access to the overall features of the sucuri plugin. Access it from the right-side menu of your WordPress dashboard.
Generate API
Next, it is essential to activate the API. Doing this would allow your WordPress account to easily connect to the sucuri server. So, in case someone attacks your website or your website gets compromised, or if plugins log gets removed – they can be recovered back. Using a sucuri server is easy to recover removed plugin audit logs. Here follow these steps to generate the API key for the Sucuri plugin: –
- First log in to your WordPress website as admin
- Next, open sucuri plugin
- Now you have to click on Generate API Key on the upper right side of your screen
- Tick the checkbox saying “Terms of Service” and “privacy policy”
- Click on submit
Once you complete the steps an email confirmation will be sent to the primary email address. Kindly login to your primary email address and confirm the submission.
API Service Communication
The API is generated, now the plugin will communicate with a remote API service. The remote API acts as a safe data storage. This storage is used for keeping audit logs. On the other hand, if a website is hacked, then the attacker will not be able to access these logs. Moreover, you can investigate the modification easily. And, know how attackers gain access to your unique website.
Subdomains And Multisites
This one section is only relevant to users who installed WordPress Multisite installation. On the other hand, if you have a single site in your WordPress, then simply skip to the next section. The sucuri plugin used the administration email and the domain name of the site. Using these two elements it generates an API key. This API key is also applied to subdomains and through it, information is communicated/transferred. Since there is a high percentage of data that needs to be processed by the API interface. Some of its performance also depends on the WordPress core files. Furthermore, all the information stored is uploaded to folders. This is a unique feature of the plugin.
As far as multisite installation is concerned – it is a bit different. It is the WordPress MU installation. It forces each site to simply share the core files. So, in general, the content inside the “Wp-content” directory is where all plugin data is stored. In other words, all information is processed by the plugin itself except the settings.
Unique Installation
When multiple subdomains are created, it is almost a unique installation of WordPress per site. For example, each subdomain would have its database and permissions. All you need to do is install the plugin separately for each subdomain as well. So, each subdomain will not get affected by the API key, audio log, or hardening, or any other plugin settings.
Multisite
So, you have a network-based installation. If it is associated with a unique installation of WordPress, this would mean that there is only one database. And, it will give you multiple options tables.
Note: It is that information like audit logs, login information, and hardening would be shared during the installation of a plugin, inside the network. However, the setting will only affect the website that it is applied to.
In short, you can install the plugin simply one time and for all network-based installations instead of one-by-one installation.
What’s Next…
In the upcoming post, we will learn more about WordPress hardening, email alerts, malware scanning, core integrity check, and much more. We just scratched the surface of the sucuri WordPress plugin and there is a lot to explore.
