Whenever we’re asked about WordPress security tips, our top 2 recommendations are to get a good WordPress backup solution and to start using the Sucuri website firewall. In this article, we will share our honest review of Sucuri’s website firewall and why it’s worth every single penny!
Full Disclosure: No, we did not get paid to write this Sucuri review. We’re just happy customers of Sucuri. They have a referral program available for all their customers, so if you decide to use Sucuri by clicking on our referral link in this article, then we will get a small commission. However, we only recommend services that we personally use and believe will add value to our readers.
A Little Background
WPBeginner is one of the largest free WordPress resource sites on the planet. Because of that, we often have to deal with website attacks. This includes brute force attacks, feed attacks, DDoS, and a whole lot of spam.
That’s why we have always been extremely cautious. We have a real-time WordPress backup solution in place.
On top of that, we have password-protected our wp-admin directory, disabled PHP execution, changed the default WordPress database prefix, and basically followed every other security “hardening” trick.
While you can follow all the “prevention” best practices at the software (WordPress) level, the reality of the matter is that security has to be addressed at the hosting server level and, more importantly, the DNS level.
During the attacks, our website would slow down significantly due to the high server load. Sometimes it would even cause the server to restart, causing downtime.
That’s when we started looking for a DNS-level firewall solution.
We already had the Sucuri WordPress plugin installed on the site, so we decided to give their web application firewall (WAF) a try.
Some of you are probably confused by the tech lingo and wondering what Sucuri does and what a WAF is.
Overview of Sucuri
Sucuri is a website security company that specializes in WordPress security. They protect your website from hackers, malware, DDoS and blacklists.
When you enable Sucuri, all your site traffic goes through their cloudproxy firewall before coming to your hosting server. This allows them to block all the attacks and only send you legitimate visitors.
The biggest benefit of Sucuri is that it makes your website secure. On top of that, the firewall makes your website faster, and you save money on your hosting bill because your server load goes down significantly.
As soon as we enabled the Sucuri firewall, we started seeing the difference in performance. The attack overview inside the Sucuri dashboard was just eye-opening.
WPBeginner’s Sucuri Firewall Results
Within the first three months, Sucuri helped us block over 450,000 WordPress attacks.
A breakdown of some of the common blocked requests:
- Exploit blocked by virtual patching (115,946 blocked attempts)
- Blacklisted IP address (72,495 blocked attempts)
- Bad bot access denied (45,299 blocked attempts)
- Backdoor location denied (29,690 blocked attempts)
- DDOS attempt blocked (29,676 blocked attempts)
- Fake bot access (24,571 blocked attempts)
- Evasion attempt denied (21,887 blocked attempts)
- Spam request blocked (14,313 blocked attempts)
- Scanning tool blocked (13,842 blocked attempts)
Now, most of you are probably thinking that WPBeginner is a huge site, and that’s why we’re a bigger target.
Not entirely true. Often smaller sites are an easier target for hackers because they don’t take any security precautions. At this very moment, your website is probably getting attacked, and you just don’t know about it.
Sadly, when most people find out, it’s a bit too late because they’ve been hacked. That’s why articles like how to find a backdoor in a hacked WordPress site and how to fix the “this site ahead contains harmful programs” error are among the most popular on WPBeginner.
If you are running a business website, then Sucuri is a MUST HAVE solution because it offers complete end-to-end WordPress security.
5 Reasons Why We Love Sucuri
We are absolutely in love with Sucuri. Aside from using it on WPBeginner, we’re also using it on our other sites like List25 and SyedBalkhi.com.
Below are the 5 reasons why we love Sucuri.
1. Blocks all the Attacks
Sucuri’s firewall blocks all the attacks before they even touch our server. Since they’re one of the leading security companies, Sucuri proactively researches and reports potential security issues to the WordPress core team as well as third-party plugins.
Their team works closely with the respective developers to fix the security issues. Once they are fixed, Sucuri patches those vulnerabilities at the firewall level in case you didn’t get a chance to update your plugin fast enough.
For example, the recent Elegant Themes vulnerability that was disclosed was already patched on Sucuri’s servers before you updated your plugins and themes. Meaning your site was ALWAYS secure.
2. Website Integrity Monitoring
We have the Sucuri 2-in-1 Website AntiVirus package, which comes with the Sucuri scanner. It monitors our website every 3 hours to ensure that it is clean of malware, malicious JavaScript, malicious iframes, suspicious redirections, spammy link injections, etc.
The scanner also makes sure that our site is not blacklisted by any of the popular services like Google, Norton, AVG, Phishtank, Opera and others.
This helps you keep your reputation intact and keeps your users from seeing blacklist warnings.
3. Site Audit Log
Sucuri’s WordPress plugin keeps track of everything that happens on your site.
This includes file changes, new posts, new users, last logins, failed login attempts, and more.
4. Server Side Scanning
When you’re dealing with smart hackers, you need to account for everything. Some hackers don’t care about infecting your users with malware. Maybe they just want to add banner ads in your old posts or replace your affiliate links.
These kinds of hacks are very hard to catch because they’re not as obvious, and you won’t get blacklisted for these.
That’s when the server side scan comes in handy. Sucuri’s server side scanner goes through every single file (even non-WordPress files) to ensure that nothing suspicious exists on your server.
It also audits events such as file changes to keep you informed.
5. Malware Cleanup Service
Even though all the reasons above well justify the cost, they also offer a malware cleanup service with no page limits along with blacklist removal. We haven’t had to use this part of the service yet, but can you imagine having security experts cleaning up your site?
On average, security experts charge $250 / hour for consulting.
Since this can get quite expensive, Sucuri has an extra incentive to make sure that your website never gets hacked.
Our Final Thoughts – Sucuri Review
Day after day, we hear stories of people’s websites getting hacked. We can honestly say that Sucuri is hands down the best and most cost-effective security service in the WordPress industry.
For $199 / year, it is the best insurance you can buy for your online business.
If government websites can be hacked, then so can yours – no matter what you do. However, it’s much better to find out that your website is hacked from a monitoring service rather than finding out from your users or, better yet, from Google when they blacklist your website.
More importantly, it’s definitely worth the peace of mind knowing that if something were to happen, we have a team of security experts who’ll help us clean everything properly.
Sucuri is a leading security company and they’ve been mentioned in major publications like CNN, USAToday, TechCrunch, TheNextWeb, and tons more. We have personally met with their co-founder and CEO, Tony Perez, and can honestly say that they are a trustworthy company, and we’re in good hands.
All the times that we have interacted with Sucuri’s support team, they have been quick, polite, and helpful.
If we were to rate Sucuri’s service and support, we would give them a 5 out of 5.
We hope you found our Sucuri review helpful. If you’re thinking about improving your WordPress security, then definitely check out Sucuri and give them a try.