Wordfence and Sucuri are two of the best and most popular WordPress security plugins on the market.
Wordfence和Sucuri是市场上最好的和最受欢迎的WordPress安全插件中的两个。
They are both highly recommended and incredibly helpful in keeping your WordPress site secure. This makes it hard for beginners to choose which one is right for them.
强烈推荐它们,并且它们对确保您的WordPress网站安全也非常有用。 这使初学者很难选择哪一种适合他们。
While Sucuri and Wordfence have a lot of similar features, each has its own pros and cons.
尽管Sucuri和Wordfence具有许多相似的功能,但是它们各有其优缺点。
In this article, we will compare Wordfence vs Sucuri to share which one is better for overall WordPress security in our expert opinion.
在本文中,我们将比较Wordfence与Sucuri,以分享我们专家认为哪种对整体WordPress安全性更好。
比较Wordfence与Sucuri –寻找什么? (Comparing Wordfence vs Sucuri – What to Look For?)
Wordfence and Sucuri are the two top WordPress security plugins. They both offer comprehensive protection against brute force attacks, malware infection, and data theft.
Wordfence和Sucuri是两个顶级WordPress安全插件。 它们都提供了针对暴力攻击,恶意软件感染和数据盗窃的全面保护。
As a website owner, you need to choose a security plugin that not only protects your website but does it efficiently. You would also want something that requires little maintenance, so you can focus on growing your business.
作为网站所有者,您需要选择一个安全插件,该插件不仅可以保护您的网站,而且可以有效地保护您的网站。 您还需要很少维护的东西,因此您可以专注于发展业务。
Lastly, you need to pick a security plugin that is easy to use and does not require technical skills to setup / maintain.
最后,您需要选择一个易于使用且不需要技术技能来安装/维护的安全插件。
For this guide, we will be comparing Sucuri vs Wordfence side by side. Our comparison is divided into the following categories:
对于本指南,我们将比较Sucuri与Wordfence。 我们的比较分为以下几类:
- Ease of use 使用方便
- Website Application Firewall (WAF) 网站应用防火墙(WAF)
- Security Monitoring and notifications 安全监控和通知
- Malware scanner 恶意软件扫描器
- Hacked website clean up 被黑的网站清理
That being said, let’s take a look at how Wordfence vs Sucuri stack up and which one comes out as the best overall WordPress security plugin.
话虽如此,让我们看一下Wordfence与Sucuri的堆叠方式,以及哪个是整体上最好的WordPress安全插件。
使用方便 (Ease of Use)
Website security is a highly complex and technical field. That’s why our first comparison category is ease of use.
网站安全是一个高度复杂的技术领域。 这就是为什么我们的第一个比较类别是易用性。
Let’s see how easy it is to use Wordfence vs Sucuri to protect your website.
让我们看看使用Wordfence vs Sucuri保护您的网站有多么容易。
Wordfence –易于使用 (Wordfence – Ease of Use)
Setting up Wordfence is quite easy. Immediately after installing the plugin, it will ask you to provide an email address where you would like to receive security notifications. You would also need to agree with their Terms of service.
设置Wordfence非常容易。 安装插件后,它将立即要求您提供一个电子邮件地址,您想在其中接收安全通知。 您还需要同意他们的服务条款。
After that, you will see an onboarding wizard that will help you become familiar with the Wordfence dashboard. It points out where you’ll see security notifications and scans.
之后,您将看到一个入职向导,可以帮助您熟悉Wordfence仪表板。 它指出您将在哪里看到安全通知和扫描。
The plugin will turn on the website application firewall in the learning mode and run an automatic scan in the background. Depending on the size of your website, you will see notifications when the scan is finished.
该插件将以学习模式打开网站应用程序防火墙,并在后台运行自动扫描。 扫描完成后,您会看到通知,具体取决于您网站的大小。
Clicking on a notification will show its details with recommended action that you need to take. For example, here it showed us that our WordPress theme has a newer version available.
单击通知将显示其详细信息以及您需要采取的建议措施。 例如,在这里它向我们显示了我们的WordPress主题具有可用的更新版本。
The firewall by default runs as a WordPress plugin which is not very effective. Wordfence does allow you to run it in the extended mode for better protection, but you’ll have to set it up manually (more on this later).
默认情况下,防火墙作为WordPress插件运行,效果不是很好。 Wordfence确实允许您在扩展模式下运行它以提供更好的保护,但是您必须手动设置它(稍后将对此进行详细介绍)。
The basic Wordfence plugin setup is quite simple and does not require too much user input. The user interface is a bit cluttered which may make it difficult for beginners to find certain settings / option.
基本的Wordfence插件设置非常简单,不需要太多的用户输入。 用户界面有点混乱,可能使初学者很难找到某些设置/选项。
Sucuri –易于使用 (Sucuri – Ease of Use)
Sucuri offers a cleaner user interface with no unnecessary prompts popping up on the screen. It also runs a quick scan upon activation, and you will see notifications on the plugin’s dashboard.
Sucuri提供了一个更干净的用户界面,屏幕上不会弹出不必要的提示。 激活后,它还会运行快速扫描,您将在插件的仪表板上看到通知。
Sucuri’s website application firewall (WAF) is a cloud-based firewall which means it does not run on your server. In other words, no technical maintenance required on your end.
Sucuri的网站应用程序防火墙(WAF)是基于云的防火墙,这意味着它无法在您的服务器上运行。 换句话说,您无需进行任何技术维护。
You will need to add your API key and configure DNS settings for your domain name. This will allow the firewall to catch malicious traffic before it even reaches your WordPress hosting server.
您将需要添加API密钥并为域名配置DNS设置。 这将使防火墙能够在恶意流量甚至到达您的WordPress托管服务器之前就对其进行捕获。
Once setup, you will not need to worry about updating or maintaining it in the future.
设置完成后,您无需担心将来进行更新或维护。
Sucuri also makes it easy to perform recommended security hardening settings on your website. All you need to do is click to apply various security hardening setting.
Sucuri还使您可以轻松地在网站上执行建议的安全强化设置。 您需要做的就是单击以应用各种安全强化设置。
The overall user interface is nice. However, users will still need to dig deeper to find options that they are looking for.
总体用户界面很好。 但是,用户仍将需要更深入地挖掘以找到所需的选项。
Updating nameservers on domain registrar is an additional step that’s required to setup Sucuri’s firewall, and it can be a bit difficult for some non-techy users. The good thing is that most popular domain registrars like Domain.com, GoDaddy, etc will be able to help you set it up.
在域注册商处更新名称服务器是设置Sucuri防火墙所必需的附加步骤,对于某些非技术用户来说可能有些困难。 好处是, Domain.com , GoDaddy等最流行的域名注册商将可以帮助您进行设置。
Winner: Sucuri
优胜者: Sucuri
网站应用防火墙(WAF) (Website Application Firewall (WAF))
A web application firewall monitors your website traffic and blocks common security threats. There are different ways to implement a firewall (application based vs cloud based).
Web应用程序防火墙监视您的网站流量并阻止常见的安全威胁。 有多种实现防火墙的方法(基于应用程序与基于云)。
We believe cloud based firewalls are more efficient and reliable in the long run.
我们认为,从长远来看,基于云的防火墙将更加高效,可靠。
Both Sucuri and Wordfence offer website application firewall, let’s see how they differ.
Sucuri和Wordfence都提供网站应用程序防火墙,让我们看看它们之间的区别。
Wordfence网站应用程序防火墙 (Wordfence Website Application Firewall)
Wordfence offers a website application firewall that monitors and blocks malicious website traffic.
Wordfence提供了一种网站应用程序防火墙,可以监视和阻止恶意网站流量。
This is an application-level firewall, which means that it runs on your server and is less efficient than a cloud-based firewall.
这是应用程序级防火墙,这意味着它在您的服务器上运行,效率不如基于云的防火墙。
By default, Wordfence turns it on with the basic mode. This means the firewall runs as a WordPress plugin, so before an attack can be blocked, WordPress has to load. This can take up a lot of server resources, and it’s not efficient.
默认情况下,Wordfence使用基本模式将其打开。 这意味着防火墙作为WordPress插件运行,因此在阻止攻击之前,必须先加载WordPress。 这会占用大量服务器资源,并且效率不高。
To change that, you will need to manually setup Wordfence firewall in the extended mode. This will allow Wordfence firewall to monitor traffic before it reaches your WordPress installation.
要更改此设置,您将需要在扩展模式下手动设置Wordfence防火墙。 这将允许Wordfence防火墙在流量到达WordPress安装之前对其进行监视。
Since it’s an endpoint firewall, Wordfence can only block traffic once it has already reached your hosting server. In case of a DDOS attack or brute force attempt, your server resources will still be affected and your website performance will be down. It may even crash.
由于是端点防火墙,因此,Wordfence仅在到达主机服务器后才可以阻止流量。 如果发生DDOS攻击或蛮力尝试,您的服务器资源仍将受到影响,并且您的网站性能将下降。 它甚至可能崩溃。
When you first activate Wordfence, their firewall is in learning mode. It learns how you and other users access your WordPress website. During this time several firewall rules are not applied to make sure that legitimate website users are not accidentally blocked.
首次激活Wordfence时,其防火墙处于学习模式。 它了解您和其他用户如何访问您的WordPress网站 。 在这段时间内,没有应用几个防火墙规则来确保合法的网站用户不会被意外阻止。
Sucuri网站应用防火墙 (Sucuri Website Application Firewall)
Sucuri offers a cloud-based website application firewall, which means that it blocks suspicious traffic even before it reaches your hosting server.
Sucuri提供了一个基于云的网站应用程序防火墙,这意味着它甚至在到达托管服务器之前就阻止了可疑流量。
This saves you a lot of server resources and instantly improves your website speed. Sucuri’s CDN servers are located in different regions which is another added bonus for website speed.
这样可以节省大量服务器资源,并立即提高您的网站速度 。 Sucuri的CDN服务器位于不同的区域,这是网站速度的另一个额外优势。
To use the firewall, you will need to change your domain name’s DNS settings. This change would allow all your website traffic to go through Sucuri’s servers.
要使用防火墙,您将需要更改域名的DNS设置。 此更改将使您的所有网站流量都通过Sucuri的服务器。
There is no basic or extended mode. Once setup is complete, Sucuri’s WAF would start protecting your website from malicious requests, DDOS attacks, and password guessing attempts.
没有基本或扩展模式。 安装完成后,Sucuri的WAF将开始保护您的网站免受恶意请求,DDOS攻击和密码猜测尝试的侵害。
They have a robust machine learning algorithm that is sophisticated enough to prevent false positives.
它们具有强大的机器学习算法,该算法足够复杂,可以防止误报。
Sucuri does let you go from High Security mode to Paranoid mode when you experience DDoS. This makes sure that your website server doesn’t crash.
当您体验DDoS时,Sucuri确实会让您从高安全性模式转到偏执狂模式。 这样可以确保您的网站服务器不会崩溃。
Winner: Sucuri
优胜者: Sucuri
安全监控和通知 (Security Monitoring and Notifications)
As a website owner, you need to know if something is wrong on your website as soon as possible. A security issue can cost you customers and money.
作为网站所有者,您需要尽快知道网站上是否有问题。 安全问题可能会浪费您的客户和金钱。
To receive these notifications, you need to make sure that your WordPress site can send emails. The best way to ensure that is by using an SMTP service to send WordPress emails.
要接收这些通知,您需要确保您的WordPress网站可以发送电子邮件。 确保这一点的最佳方法是使用SMTP服务发送WordPress电子邮件。
Let’s see how Wordfence and Sucuri handle website monitoring and alerts.
让我们看看Wordfence和Sucuri如何处理网站监视和警报。
围栏监视和警报 (Wordfence Monitoring and Alerts)
Wordfence has an excellent notification and alerts system. First, notifications will be highlighted next to the Wordfence menu in the WordPress admin sidebar and dashboard.
Wordfence具有出色的通知和警报系统。 首先,通知将在WordPress管理侧边栏和信息中心的Wordfence菜单旁边突出显示。
They are highlighted according to their severity. You can click on a notification to learn more about it, and how to fix it.
根据其严重性将其突出显示。 您可以单击通知以了解有关此通知的更多信息以及如何解决它。
However, you would see this only when you login to the WordPress dashboard.
但是,仅当您登录WordPress仪表板时,您才会看到此信息。
Wordfence also comes with instant notifications via email. To configure email alerts, go to Wordfence » All Options page and scroll down to the ‘Email Alert Preferences’ section.
Wordfence还带有通过电子邮件的即时通知。 要配置电子邮件警报,请转到Wordfence»所有选项页面,然后向下滚动到“电子邮件警报首选项”部分。
From here you can turn email alerts on/off. You can also choose the severity level to send an email alert.
在这里,您可以打开/关闭电子邮件警报。 您还可以选择严重性级别以发送电子邮件警报。
Sucuri监视和警报 (Sucuri Monitoring and Alerts)
Sucuri also displays critical notifications on your dashboard. The top right corner of the screen is dedicated to display the status of core WordPress files.
Sucuri还会在您的仪表板上显示重要通知。 屏幕的右上角专用于显示核心WordPress文件的状态。
Below that, you’ll see the audit logs and site health status.
在其下,您将看到审核日志和站点运行状况。
Sucuri comes with a complete alert management system. Simply visit the Sucuri Security » Settings page and switch to the Alerts tab.
Sucuri带有完整的警报管理系统。 只需访问Sucuri安全性»设置页面,然后切换到警报选项卡。
You can add email addresses that you want to be notified. After that, you can further customize email alerts.
您可以添加要收到通知的电子邮件地址。 之后,您可以进一步自定义电子邮件警报。
You can choose events you want to be notified about, number of alerts per hour, and customize settings for brute force attacks, post types, and alert email subjects.
您可以选择要通知的事件,每小时的警报数量,以及针对暴力攻击,帖子类型和警报电子邮件主题的自定义设置。
Their website application firewall will also send automated high level alerts to your email.
他们的网站应用程序防火墙还将向您的电子邮件发送自动的高级警报。
Winner: Tie
优胜者:领带
恶意软件扫描程序 (Malware Scanner)
Both plugins come with built-in security scannerss to check your WordPress site for malware, changed files, and malicious code.
这两个插件都带有内置的安全扫描器 ,可检查您的WordPress网站是否存在恶意软件,更改的文件和恶意代码。
Let’s see how Wordfence and Sucuri scan for malware and other issues.
让我们看看Wordfence和Sucuri如何扫描恶意软件和其他问题。
Wordfence恶意软件扫描程序 (Wordfence Malware Scanner)
Wordfence comes with a powerful scanner which is highly customizable to meet your hosting environment and security concerns.
Wordfence随附功能强大的扫描仪,该扫描仪高度可自定义,可以满足您的托管环境和安全方面的需求。
By default, the scan is enabled with limited scan settings (to save server resources on shared hosting plans).
默认情况下,使用有限的扫描设置启用扫描(以将服务器资源保存在共享主机计划中 )。
For free version, Wordfence automatically decides a scan schedule for your site. Premium version users can choose their own scan schedule.
对于免费版本,Wordfence会自动为您的站点确定扫描计划。 高级版用户可以选择自己的扫描计划。
You can set up the scanner to run in different modes. Some scan options are only available with the premium version.
您可以将扫描仪设置为在不同模式下运行。 某些扫描选项仅适用于高级版本。
Wordfence scanner can also check your plugin and themes to match the repository version.
Wordfence扫描程序还可以检查您的插件和主题以匹配存储库版本。
Sucuri恶意软件扫描程序 (Sucuri Malware Scanner)
Sucuri Malware scanner uses Sucuri’s Sitecheck API. This API automatically checks your site against multiple safe-browsing APIs to ensure that your website is not blacklisted.
Sucuri恶意软件扫描程序使用Sucuri的Sitecheck API。 该API会根据多个安全浏览API自动检查您的网站,以确保您的网站未列入黑名单。
It automatically checks the integrity of your core WordPress files to make sure that they are not modified.
它会自动检查您的核心WordPress文件的完整性,以确保它们没有被修改。
You can customize the scan settings from Sucuri Security » Settings page and clicking on the scanner tab.
您可以从Sucuri Security»设置页面中定制扫描设置,然后单击扫描仪选项卡。
Sucuri’s free scanner runs on the publicly available files on your website. It is not a WordPress specific scanner, so it is incredibly good at detecting any type of malware and malicious code.
Sucuri的免费扫描仪在您网站上公开可用的文件上运行。 它不是WordPress专用的扫描仪,因此非常擅长检测任何类型的恶意软件和恶意代码。
It is also less intrusive on your server resources which is an added bonus.
它也减少了对服务器资源的干扰,这是一个额外的好处。
Winner: Sucuri
优胜者: Sucuri
被黑的网站清理 (Hacked Website Clean up)
Cleaning up a hacked WordPress site is not easy. Malware can affect several files, inject links in your content, or block you out of your own website.
清理被黑的WordPress网站并不容易。 恶意软件可能会影响多个文件,在您的内容中注入链接或将您拒之门外。
Manually cleaning everything by yourself is not possible for most beginners.
对于大多数初学者来说,手动清洁所有物品是不可能的。
Luckily, both Wordfence and Sucuri offer site clean up and malware removal service. Let’s take a look at which one does it better.
幸运的是,Wordfence和Sucuri都提供站点清理和恶意软件清除服务。 让我们来看看哪个做得更好。
Wordfence网站清理 (Wordfence Site Clean Up)
Wordfence site cleanup service is not included in their free or premium plans. It is sold separately as an add-on service.
Wordfence网站清理服务不包括在其免费或高级计划中。 它作为一项附加服务单独出售。
Site clean up will also give you a premium Wordfence license for one website.
网站清理还将为您提供一个网站的高级Wordfence许可证。
The malware clean up process is pretty straight forward. They will scan your site for malware / infections, and then clean up all affected files.
恶意软件清除过程非常简单。 他们将扫描您的网站以查找恶意软件/感染,然后清除所有受影响的文件。
Their team will also investigate how hackers got access to your site. They will prepare a detailed report of the entire clean up process with suggestions for future prevention.
他们的团队还将调查黑客如何访问您的网站。 他们将准备一份有关整个清理过程的详细报告,并提供有关未来预防的建议。
Sucuri网站清理 (Sucuri Site Clean up)
All paid Sucuri plans include website clean up service. This comes with site clean up, blacklist removal, SEO spam repair, and WAF protection for future prevention.
所有的Sucuri付费计划都包括网站清理服务。 这包括站点清理,黑名单删除,SEO垃圾邮件修复和WAF保护,以防止将来发生。
They are really good at cleaning up malware, injected spam code, and backdoor access files.
他们非常擅长清理恶意软件,注入的垃圾邮件代码和后门访问文件。
The process is quite straight forward. You open a support ticket and their team will start working on the cleanup process.
这个过程非常简单。 您打开支持通知单,他们的团队将开始进行清理过程。
They will use your login credentials for FTP/SSH access or cPanel. During the process, they keep a log of every file they touch and automatically backup everything.
他们将使用您的登录凭据进行FTP / SSH访问或cPanel。 在此过程中,他们会保留每个接触文件的日志并自动备份所有文件。
Winnner: Tie
温纳:领带
结论 (Conclusion)
Both Wordfence and Sucuri are excellent WordPress security plugins. However, we believe that Sucuri is the best WordPress security plugin overall.
Wordfence和Sucuri都是出色的WordPress安全插件。 但是,我们认为Sucuri是整体上最好的WordPress安全插件。
It offers a cloud-based WAF which improves your website’s performance and speed while blocking malicious traffic and brute force attacks.
它提供了基于云的WAF,可提高您网站的性能和速度,同时阻止恶意流量和暴力攻击。
Wordfence is a good free option if you don’t mind using a server-side firewall and scanner.
如果您不介意使用服务器端防火墙和扫描仪, Wordfence是一个不错的免费选择。
If you are looking for a free cloud-based website firewall, then you can use Cloudflare as a free alternative, but it doesn’t offer comprehensive protection. See our comparison of Sucuri vs Cloudflare.
如果您正在寻找基于云的免费网站防火墙,则可以将Cloudflare用作免费替代方案,但它不能提供全面的保护。 请参阅我们对Sucuri和Cloudflare的比较。
Editor’s note: We use Sucuri on WPBeginner website to boost our security. See our detailed Sucuri review.
编者注:我们在WPBeginner网站上使用Sucuri来增强我们的安全性。 请参阅我们详细的Sucuri评论 。
We hope this article helped you compare Wordfence vs Sucuri and find out which one is better for your needs. You may also want to follow our complete WordPress security guide for step by step instructions to protect your website.
我们希望本文能帮助您比较Wordfence与Sucuri,并找出哪种更适合您的需求。 您可能还需要遵循我们完整的WordPress安全指南,以获得分步说明来保护您的网站。
If you liked this article, then please subscribe to our YouTube Channel for WordPress video tutorials. You can also find us on Twitter and Facebook.
如果您喜欢这篇文章,请订阅我们的YouTube频道 WordPress视频教程。 您也可以在Twitter和Facebook上找到我们。
翻译自: https://www.wpbeginner.com/opinion/wordfence-vs-sucuri-which-one-is-better-compared/
扫一扫
770
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
