Wordfence vs Sucuri – WordPress Security Plugins Comparison

Sucuri vs Wordfence – which plugin ensures full WordPress security? This is a question that lots of WordPress website owners find themselves pondering. In these days of state-sponsored attacks, organized crime gangs, and bedroom hacktivists, getting watertight cybersecurity for your WordPress website has never been more important. 

New and more sophisticated hacks and exploits happen every single day, around the clock, and after the SolarWinds breach came to light, it’s apparent that even governments and multinationals are not as safe as they thought. 

So for the humble WordPress site owner, it’s important to find the most effective means of keeping malign intruders out. Any weaknesses are almost certain to be exploited by criminals (eventually), so it’s essential that you settle on the most effective security plug-in you can get your hands on to thwart nefarious actors. 

Site owners often wonder about choosing between Wordfence or Sucuri, simply because this pair is among the most well-known and prominent of plugins for comprehensive WordPress website protection, and so it’s difficult for many site owners to differentiate between the different offerings and identify the superior example. 

Sucuri or Wordfence: what do you need to consider?

Sucuri vs Wordfence is a tricky question to answer because both have the capacity to keep your WordPress site safe from data breaches, bot-net infections, and other unwanted security risks. 

Another criterion must be that it’s easy to use, because the less time you waste on activities that don’t contribute to selling your digital wares, the better. You don’t want to waste time becoming a security expert just so that you can run a plug-in that keeps your website safe. If that’s what’s required then it’s probably not worth investing in.

Sucuri vs Wordfence: user-friendliness

You shouldn’t need to know how the internal combustion engine functions just to stop your car from being stolen, so you also shouldn’t need to become an expert in cybersecurity to keep your website safe with Wordfence or Sucuri.

Wordfence

After installation, you’ll need to confirm that you accept the terms and conditions, and then you’ll be asked for the email address where you want your security updates to be sent. 

The setup wizard that follows will walk you through the basics of the application, including where to find notifications and the results of scans.

Wordfence opens your web app firewall in learning mode and performs a scan in the background. This may take a while if you have a large website but it will let you know as soon as it’s finished.

Click the dialogue box when it’s got to the end and you’ll see what the scan discovered along with suggestions for what to do with any positive hits. If you’re lucky, it won’t find any threats, but it still might recommend useful security-related suggestions, like that you update to the newest version of your chosen theme.

The standard way that the firewall runs is as a WordPress plugin, which isn’t the ideal way of doing things in this instance. Wordfence will let you configure it to work under extended mode for enhanced security, but this requires manual configuration. 

Unfortunately, first-time users of the Wordfence UI will probably find it as difficult to understand as we did. It’s true that it doesn’t ask you to do very much in its basic configuration, so that may not be a problem, but beginners wishing to explore the different possibilities it offers may feel that it’s an uphill struggle. 

Sucuri

There’s no such trouble with Sucuri’s GUI. It isn’t cluttered by unnecessary notifications and your scan results will appear in the plug-in panel. It’s also worth mentioning that its website application firewall (WAF) is based in the Cloud and as a remote resource it doesn’t require any horsepower from your own server that would slow it down.

To set up your hosting server behind the firewall you’ll need to give it your API key and configure the DNS settings for your domain name. Once you’ve installed it, you’re done. It’s a case of “set it and forget it” because updates and maintenance are all taken care of. Also, when Sucuri gives you security recommendations you only need to click once to apply them all. 

The UI is certainly a step up from Wordfence’s design, but some options are still buried in the guts of it and will require some digging.

One hurdle that less technical users may find difficult to overcome when they’re configuring a Sucuri firewall is how to update a domain name server with their domain registrar. It may be helpful in this case to ask the registrar for some help.

Sucuri vs Wordfence: Web Application Firewall (WAF) 

It’s possible to run a firewall in one of two ways. You can run it as an application on your own server or use a cloud-based WAF solution. 

WAFs are useful for blocking website threats, and we believe that cloud-based ones are the superior option for reasons of efficiency and reliability. They constantly keep an eye on incoming web traffic, flagging and blocking issues as they appear. In the case of Wordfence vs Sucuri, both have this capability.

Wordfence

Wordfence features a WAF that keeps an eye on malicious web traffic. The fact that it’s application-based, running as a WordPress plugin, is something of a disadvantage because it means that WordPress needs to load before it can detect and respond to malicious activity. 

You’ll need to configure Wordfence’s firewall manually in extended mode so that it can monitor traffic before it has a chance to get to your WordPress installation. 

Wordfence’s endpoint firewall only filters bad traffic once it’s reached the hosting server, and once it does, all of the server’s resources will be stretched as it responds to the attack.

Sucuri

Sucuri’s firewall is a remote cloud resource. That means that it can trip up malicious traffic before it gets anywhere near your hosting server. Sucuri also has content delivery network (CDN) servers distributed across various regions, so this should also help to increase the speed of the response.

To use the firewall, you’ll need to change the DNS settings of the domain name. This will route your traffic through Sucuri’s servers. 

Sucuri doesn’t have a basic or extended mode. As soon as the installation has finished, Sucuri’s WAF starts protecting your site straightaway.

When you’re choosing between Wordfence or Sucuri you might want to bear in mind that Sucuri uses highly effective machine learning algorithms to cut down on false positives, and its DDoS defences automatically block fake traffic and nefarious bot requests without slowing down bona fide traffic sources.

Security Monitoring and Notifications 

Downtime is money, so a security early warning system is essential for any website owner. To get notifications you’ll need to check that you can pick up emails from your WordPress site using SMTP. Let’s look at how well Sucuri vs Wordfence keeps you informed about attacks.

Wordfence

Wordfence does a decent job of telling you about any problems with illicit intrusions and the like. They show up both in the Control Panel and the Wordfence menu in the WordPress administration sidebar, with different highlights indicating their respective significance. Selecting each one will pull up options for how you deal with them, but you can only see them after logging into the WordPress dashboard. 

If you’d like to be alerted about security issues via email, then you can fairly easily do that in the Email Alert Preferences section on the Wordfence options page. You can also explore the alerts further on this page. 

Sucuri

It can be very distracting to be constantly interrupted by security alerts, so if you want to tell Sucuri to only bother you with the more serious cases, that’s easily done, and you can also tell the software to send them to your control panel as well. 

Look towards the upper right-hand part of the screen to explore the status of the main WordPress file. This includes the audit log and site status. 

To access the alert management system, open the Sucuri security settings page and then the Alerts tab, and enter the email address where you want to receive your notifications. 

You can tune the type of event notifications you get and also put a ceiling on their numbers. Your WAF will also send important alerts to your email address. 

Sucuri or Wordfence – Scanning for malware

Both of our contenders feature malware detection. They can also look for files that have been changed and snippets of code that may be up to no good. Out of Wordfence vs Sucuri, which will do the better job here? 

Wordfence

Wordfence’s malware scanner can be tweaked to meet your particular hosting and security needs. Scanning has default limitations to conserve resources.

Wordfence generates your analysis schedule automatically, but you are able to change this. With scanning, you only have access to some options if you’ve opted for advanced versions of the plug-in. Wordfence’s scanner can also check your themes and plug-ins in line with the appropriate repository version. 

Sucuri

Sucuri’s site check API assists the Sucuri scanner in its hunt for unwelcome code. It’s quite clever in that it uses secure browsing APIs to ensure that your WordPress site hasn’t been blacklisted. 

Sucuri has an automated way of checking that your core WordPress files haven’t been tampered with, but you can change any of your settings by clicking on the scanner tab on the security settings page.

The scanner isn’t specific to WordPress, which you’d think would make it less adept at dealing with WordPress security issues but in fact, the result is that it can scan for any kind of intruder. Another aspect in its favour is that it’s relatively lightweight and doesn’t impinge too much on your server resources. 

Cleaning Up Your Website

Getting hacked is no fun, and the cleanup operation that comes after your WordPress site has hosted unwelcome intruders is even less cause for celebration. Trojans and viruses can burrow into files, drop unwanted links, and who knows what else.

Unless you’re an expert you may find it beyond your ability to track down and eliminate every bit of damage that’s been done. Luckily, both Wordfence and Sucuri can do it for you, but which one is going to do the better job?

Wordfence

You’ll need to buy your cleaning solution separately from your Wordfence subscription because it isn’t something that they include in their free or paid packages. Once you’ve signed up though, it’s a fairly straightforward process to get your site analyzed and cleansed of bots and Trojans. Not only that, you’ll also get a comprehensive rundown of what was cleaned and advice on how you can limit the likelihood of this kind of intrusion occurring again in the future.

Sucuri

If you pay for a Sucuri plan then site cleaning will be included. Just open a support ticket and the service will get underway, attending to blacklist removal, remedying SEO spam, cleaning the site, and WAF protection to avoid such occurrences in the future. 

Sucuri is pretty good at cleaning up viruses and other dodgy intrusions, spammy code injections, and backdoor access files. 

The team assisting you with the clean-up will use FTP/SSH access login details to get in, and they’ll be careful to back up every file that they interact with to ensure that nothing is damaged or lost. 

Sucuri vs Wordfence – Who Is The Winner?

Wordfence vs Sucuri is a matchup between two seasoned and respected security heavyweights, but in our opinion, it’s Sucuri that crosses the finish line in first place. Its use of WAF in the Cloud is a definite plus point. Wordfence is a competent performer, but its server-side scanner and firewall can’t match Sucuri’s for security. 

Software Tools to Prevent Attacks on Servers and Sites

As hackers find more sophisticated ways of accessing your data, security is becoming a day-to-day struggle for businesses. Since 2018, security breaches have increased by 11%, and in the first half of 2019 alone, 4.1 billion personal records were exposed. Losses due to data exfiltration, stolen IP, and ransomware are also accelerating at a fast pace. Although nearly two-thirds of business leaders recognize the increasing security risks, only a small percentage have enough server security and website security.

Being fully protected means having multiple layers of security in place, with each layer addressing a different type of threat and all of them combining to form an impenetrable barrier. This becomes a difficult task for sysadmins, because just uncovering and blocking individual threats isn’t enough. It’s also important to defend against complex threats and take preventative action all the time.

To effectively manage cybersecurity, businesses outsource and use free and premium security tools. Here we’re going to look at some of the field’s top tools and explain how they can help you enforce the seven key security layers every business needs to stay secure.

Network Firewalls

A firewall is a system that prevents unauthorized access to or from a private network. It’s basically like the door to a house: an outer layer of security that determines what can and cannot enter. Of course, you also need the door to be closed, sturdy, and under your control in order to protect you. Most computers come with inbuilt firewall software, typically enough to shield against viruses, malware, and other unwanted content.

However, default firewalls are generic and limited, and so enterprises regularly use hardware firewalls as well. While the default Plesk firewall provides basic server protection, extensions like Juggernaut further secure your server against today’s threats. Juggernaut features include an SPI firewall, brute-force protection, real-time connection tracking, intrusion detection, and dynamic blocklists. Such features give you extra control and allow you to prevent inappropriate communications. They also let you take a holistic view of your network, and even scan encrypted data for threats.

A firewall is considered the first line of defense in preventing attacks on servers. However, it’s not the only measure you should take.

Antivirus Software

If a firewall is the door to your house, your antivirus software is the door to your bedroom. Whereas a firewall prevents unwanted content and threats from getting in, antivirus software protects against threats already in your system. It does this by constantly monitoring files, looking for certain signatures to identify malware, and removing viruses and potential threats.

There’s no such thing as too much protection when it comes to antivirus software. The key is finding a tool that suits your needs while being easy to use, lightweight, and regularly updated. Premium antivirus by Dr. Web is an award-winning virus scanning and filtering software that protects mailboxes from many types of malware, including viruses, worms, and trojans.

More great options are the Plesk Premium Antivirus or Kaspersky Antivirus extensions. Both extensions scan server mail traffic in real time, but only Kaspersky allows fine-tuning and filtering of specific file types from attachments. Then there’s ImunifyAV – the leading malware-scanning tool. It ensures you keep malicious code away through antivirus, security and domain monitoring, blacklist status check, and one-click malware removal.

Endpoint Detection and Response (EDR) Software

EDR is a technology that addresses the need for continuous checking of file signatures for signs of malignancy, and for rapid responsiveness to advanced threats.

Whether it’s a Mac, PC, or a server, a good EDR system can detect suspicious activity running on any endpoint. This is especially important as even if a hacker has entered your system, for the hack to have a serious impact they must be able to siphon information out of your network. EDR software prevents this from happening by essentially placing compromised devices in quarantine, so no intel can be sent/received.

EDR is an advanced step in server security and so it typically comes at a cost. Kaspersky EDR provides full endpoint protection, from automatic threat blocking to complex incident response. It’s particularly popular for its comprehensive visibility across corporate networks and capacity to discover, prioritize, investigate, and neutralize advanced threats.

Anti-Phishing Tools

Phishing is a way of finding and gathering personal information using deceptive emails and websites. Techniques typically involve persuading people to click on malicious links by suggesting they are important and/or safe. It happens mostly through messaging platforms like email and chat apps. Built-in spam filters block most generic phishing attempts sent out to thousands of people. However, targeted phishing attempts, which may target specific individuals or organizations, can be harder to block.

Phishing is a particularly tricky form of cyberattack to protect against, and it can appear so real. Neutralizing such scams, which have tricked even the savviest of CEOs, requires special anti-phishing tools. Warden Anti-spam and Virus Protection is a paid extension designed for power users and service providers. Besides providing high-performance and simple antivirus tests, it also offers support for nearly 30 SpamAssassin plugins, and is therefore one of the most robust anti-virus and anti-spam tools around.

Encryption Tools

Encryption tools are software that use cryptography to prevent unauthorized access to sensitive information. They work by encoding data from “plaintext” into “ciphertext”. This process turns unencrypted information into an encrypted form for which you need a key to decode, typically a password, making it harder for outsiders to access.

There are two main types of encryption: software and hardware encryption. Software encryption is more selective and focuses on encrypting individual files and folders. Hardware encryption involves encrypting entire devices.

Linux users will be used to connecting to servers using SSH keys. SSH (Secure Shell) keys are access credentials used in the SSH protocol, a secure and widely used standard for strong authentication, secure connection, and encrypted file transfers. Using SSH keys is more convenient and secure than traditional passwords.

From Plesk 12.0 onwards, you can use SSH Keys Manager to effectively manage SSH keys from the Plesk UI.

Specific Server Security Tools

Some of the most popular Plesk extensions are those which improve your server’s security. Here are some of the most powerful ones which help combat server threats.

Sentinel Anti-malware

Sentinel Anti-malware is a scanner that combines the open-source principles from Linux Malware Detect and ClamAV. This extension especially serves power users and service providers who want to ensure they have protection from a variety of malware.

KernelCare

This premium extension (free trial for 30 days) protects Linux servers against critical vulnerabilities, mainly by automatically installing security updates to running kernels. This avoids rebooting servers and planning scheduled downtime for your customers. It also ensures kernels are updated within hours of patch releases for uninterrupted security.

BitNinja

The BitNinja extension prevents 99% of malicious attacks. This can consequently reduce your server alerts and customer complaints by just as much. It actually provides protection against nine different aspects of attacks – including malicious port scans and infections. You can even set it up and start automatically protecting your server in as little as five minutes.

Cloudbric

Cloudbric provides award-winning enterprise WAF and DDoS protection. Firstly, it has a threat detection system for real-time security against hacking attempts, website defacement, DDoS attacks, and spambots. Secondly, you can activate it with one click and try it for two weeks for free, while also benefiting from Cloudbric’s free and expert technical/security support.

DDoS Protection by Variti

DDoS Protection by Variti protects sites from DDoS – one of the most popular online attacks – as well as other types of sophisticated bot attacks. It does this by analyzing real-time traffic and passing it through a distributed network of VARITI filtering nodes. This extension is ideal for companies that depend on online traffic protection for their business.

Atomic Secured Linux

The Atomic Secured Linux extension provides the same level of protection that typically comes with an expert security team. It can prevent, detect, and respond to today’s greatest cybersecurity challenges. In particular, it features host and kernel intrusion prevention systems, brute force protection, and automated malware removal.

(D)DoS Deflate Interface

(D)DoS Deflate Interface is a lightweight shell script that helps deflect DDoS attacks automatically. The script runs in the background, blocking incoming connections from any IP whose connection count exceeds the configured threshold. On top of that, it’s simple to install and operate.
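The per-IP connection threshold described above can be illustrated with a short detection routine. This is an added example, not the (D)DoS Deflate script's own code: it assumes input in the column layout of `netstat -ntu`, the sample output is constructed from documentation address ranges, and the `allowlist` parameter is hypothetical. It only reports offenders and leaves blocking to the firewall.

```python
import ipaddress
from collections import Counter

# Constructed sample in the column layout of `netstat -ntu` (documentation IP ranges).
SAMPLE_NETSTAT = """\
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 203.0.113.10:443        198.51.100.7:51234      ESTABLISHED
tcp        0      0 203.0.113.10:443        198.51.100.7:51235      ESTABLISHED
tcp        0      0 203.0.113.10:443        198.51.100.7:51236      SYN_RECV
tcp        0      0 203.0.113.10:443        198.51.100.7:51237      ESTABLISHED
tcp        0      0 203.0.113.10:22         192.0.2.44:40022        ESTABLISHED
tcp6       0      0 2001:db8::10:443        ::ffff:198.51.100.7:51238 ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:50001    ESTABLISHED
tcp6       0      0 2001:db8::10:443        2001:db8::beef:50002    ESTABLISHED
udp        0      0 203.0.113.10:53         192.0.2.44:5353         ESTABLISHED
"""


def remote_ip(foreign: str):
    """Extract the peer IP from an 'address:port' column, or None if unparsable."""
    host, _, port = foreign.rpartition(":")
    if port == "*":  # listening sockets have no peer
        return None
    try:
        ip = ipaddress.ip_address(host.strip("[]"))
    except ValueError:
        return None
    # Count an IPv4-mapped IPv6 peer together with its plain IPv4 form,
    # otherwise one client can stay under the threshold by using both.
    mapped = getattr(ip, "ipv4_mapped", None)
    return str(mapped if mapped is not None else ip)


def connections_per_ip(netstat_output: str) -> Counter:
    """Count connections per remote IP across tcp, tcp6, udp and udp6 rows."""
    counts = Counter()
    for line in netstat_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or not fields[0].startswith(("tcp", "udp")):
            continue  # header or unrelated line
        ip = remote_ip(fields[4])
        if ip is not None:
            counts[ip] += 1
    return counts


def over_threshold(netstat_output: str, threshold: int, allowlist=()) -> list:
    """Return (ip, count) pairs whose count exceeds threshold, busiest first."""
    skip = set(allowlist)
    offenders = [
        (ip, n)
        for ip, n in connections_per_ip(netstat_output).items()
        if n > threshold and ip not in skip
    ]
    return sorted(offenders, key=lambda item: (-item[1], item[0]))


if __name__ == "__main__":
    for ip, n in over_threshold(SAMPLE_NETSTAT, threshold=3):
        print(f"{ip} has {n} connections (threshold 3)")
```

A threshold set too low will flag NAT gateways and monitoring hosts that legitimately open many connections, which is why the allowlist is applied before anything is reported.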

Penetration Testing Software

Penetration testing software is the final line of defense in your security arsenal. Professional ethical hackers simulate a cyberattack (penetration testing), allowing enterprises to find weaknesses in corporate networks long before attackers do.

Rather than just software, penetration testing is often handled by human experts. Once your systems are in place, this added level of security helps you answer two questions in particular. First – does your security system have enough layers? And second – do those layers actually work?

In penetration testing, certain tests can, however, run autonomously. For example, Burp Suite’s vulnerability scanner autonomously crawls an enterprise’s web presence in search of common security holes, including cross-site scripting, SQL injections, and volatile content. Admins can schedule Burp scans and see the resulting analysis in the form of detailed visual maps, allowing for the ultimate control and protection of your business’s data.

How tight is your server security against attack? Do you use these tools or different ones? Let us know in the comments below!

CloudLinux (Imunify360) Explain Why We Need New Security Strategies

Today’s hackers are widening their scope of threats and creating deeper, harmful impacts. We all need our platforms safe if we want to stay in business. However, organizations tend to cut costs by not hiring full-time security analysts, taking the DIY approach instead, thus opening up a can of risks.

Since software, and the attacks it exposes, are always evolving, it’s impossible to keep security policies relevant and reliable. The result is compromised websites, unmaintainable systems, a floundering reputation – and ultimately, plunging profits.

Common Characteristics of Cyber Crime Today

According to many security experts, this is what today’s cyber crime landscape looks like:

  • Scale: Through automation, hacking attempts are now much broader in their attack surface and more prolonged in their duration.
  • Knowledge: Hackers take advantage of dedicated communication channels and share vulnerability information. Many vulnerabilities are unknown to both the software vendors and the website owners.
  • Adaptability: Hacking tools and techniques evolve faster than the defenses designed to protect against them. And hackers are customizing attacks for specific website platforms, exploiting specific vulnerabilities.
  • Cost: Hacker communities don’t just steal a company’s data and hijack their resources. They also adopt a company’s corporate mindset and try to lower hacking costs and risks.

If we want to avoid making cybersecurity a full-time fight, we need defense strategies that directly address the above factors.

Layered Security: The Suggested CloudLinux Strategy

What CloudLinux wanted was to regain control of security and make it manageable for Linux hosters and website owners. That meant discarding previous failed strategies and replacing them with more effective tactics, better suited to battle these new hacking trends.

With layered security, a stack of security components protects against different vectors of attack with specialized software modules, which together implement a more effective “security funnel”.

Why Layered Security?

Modern security solutions use this multi-layer model because of its wide coverage and the fact that it’s adaptive. System operators can individually fine-tune each layer according to their profile, server specs and compliance needs. Meanwhile, website operators no longer need to constantly reevaluate their security defense posture and upgrade their cybersecurity suite. Instead, they can use their time and money to further develop their businesses and meet their customers’ needs.

Imunify360 in Plesk: Key features & Updates

Imunify360 is a scalable solution with a cybersecurity approach that builds on the industry’s solid and reliable components and protocols. Their technologies improve detection rates, simplify management, and offer opportunities to enhance revenues for hosters and web professionals. Here’s a run-down of the key Imunify360 components.

Imunify360 in Plesk: Firewall, IDS/IPS, anti-malware, antivirus, patching, backup/restore

1. Firewall / WAF

Builds on the strength and reliability of ModSecurity and OSSEC, enhanced by human and machine-learned rules. There’s automated IP block list management to ease your workload, regardless of how many addresses there are. Individual IP address blocking uses the familiar allow/deny lists model extended by a gray list – where blocked IPs go.

The system only unblocks gray IPs when a human visitor coming in over HTTP/HTTPS passes a CAPTCHA – thus whitelisting them. However, only admins can manually add entries to a local gray list, reducing false positives and unblock requests for support.

Bulk setting large numbers of IPs is quick and painless. To defend against brute-force attacks, Imunify360 adds to OSSEC’s Active Response, which can even detect specific ports under attack, and block them.

2. Intrusion Detection Systems (IDS) & Intrusion Protection Systems (IPS)

These security components inspect traffic for signs of malicious intent, stopping it at source before it can do harm. Imunify360 uses its unique Proactive Defense to scan PHP for malicious code via de-obfuscation and behavior-analysis techniques, in order to work out which requests are authentic while keeping false positive rates as low as possible.

In the case of malware, Blamer traces the source and method of infiltration. Eventually, armed with this information, Imunify360 will become even more effective at blocking attacks.

3. Anti-malware/antivirus

Imunify360/ImunifyAV automatically or manually scans new, modified, and uploaded files for malware and viruses – for free. Then, you can choose to automatically delete, quarantine or get a warning about malicious content. You’ll be able to perform scheduled scans in the upcoming Imunify360 4.1 version. ImunifyAV+ (premium) also includes one-click cleanup.

4. Patch Management

The main cause of security breaches is outdated software. In fact, unpatched vulnerabilities in software packs leave servers wide open. So you have to patch them asap. However, this takes time and effort, and often, patches need a system restart to activate, which could cause service interruptions.

But Imunify360 actually solves this in two ways. Firstly, HardenedPHP patches new vulnerabilities and lets you safely run apps on older, unsupported PHP versions. Secondly, KernelCare automatically patches Linux kernels “live” – without rebooting and downtime. This is essential since the kernel is the most important part of a Linux system, handling core functionality which all other apps rely on.

5. Reputation Management

When a website is the victim of an attack, Google Safe Browsing blocks it, resulting in you losing traffic and revenue because the site is not indexed anymore. So this Imunify360 feature informs you of the Google block and helps you unblock and restore the site.

6. Backup and Restore

File backup brings you peace of mind because of its ability to help you recover from malware infection: a backup/restore feature like the one in Imunify360 (Acronis or CloudLinux) quickly restores your files to their pristine condition.

Fighting cybercrime together

The role of Linux servers has grown as a result of e-commerce growth in the last decade. But cybercrime has grown in parallel and puts legit business operations in danger with its sophistication and reach. The only solution is fighting fire with fire; use the same tools hackers are using. Get Linux server protection that is complete and dynamic.