Sucuri has always been a dedicated supporter of the WordPress community. Our free plugin was one of our first contributions to WordPress security (before bootstrapping our efforts into our WAF/CDN, Backups, and Malware Remediation services).
However, over my many years involved in web application security, I’ve found that one of the most evasive aspects of security for most business owners, enterprises, and agencies is visibility into security events impacting their websites. This includes monitoring who is logging in, knowing what changes are occuring in your site’s environment, and understanding what steps you can take to mitigate risk or react to a compromise.
All of these features are readily available for you in our plugin. If you don’t already have it, you can download Sucuri Security – Auditing, Malware Scanner, and Security Hardening directly from the official WordPress repository.
Website Firewall Synchronization
In today’s post, I wanted to highlight one of the commonly forgotten benefits of the plugin: synchronization with the Sucuri Website Firewall.
For our customers, you can start by visiting this page:
You’ll immediately find the top portion of the Firewall Settings panel, where you’ll encounter various API Keys and Quick Links.
Side note: In an upcoming post, I’ll be diving deeper into our Website Firewall panel. These Quick Links have been a key lifesaver for several web agencies I work with. Be sure to review them!
Now, you’ll notice that the first red line includes a double string API. You’ll need to copy and paste that entire string into the FIREWALL API KEY entry, shown below:
Once done, you’ll see the panel change to reflect the update:
The key thing here is that this is a snapshot of the settings already configured within your Sucuri Firewall dashboard. A very easy, quick way to ensure the correct origin IP (internal_ip_main) for the server is there.
Firewall Audit Logs
Speaking of snapshots and visibility, there is no greater insight than knowing what malicious or suspicious attempts are being made against your site. By navigating through to the Audit Logs tab, you’ll be able to see what recent attempts have been blocked by the Sucuri Firewall.
If you’re an Agency or MSP, this insight can be a great resource for offering value to your client — you’ll be able to clearly demonstrate that the Firewall your client has invested in has paid off!
The honeypot website I’m using as an example is a “nothing” site I built. Yet, I’m still getting attempts and exploitation threats every single day. Imagine one of your high-value clients and the kind of activity they attract. More importantly: if you don’t have this kind of visibility, then how could anyone know?
IP Address Access
There are often scenarios where you’ll need to allow a new network or employee unimpeded access to your website. The IP Address Access tab gives you quick access to do just that.
This feature will whitelist any IP address you define to prevent it from being blocked by some of our security rules. It will also manage access to your admin panels if you have it restricted to only trusted IP addresses on our security settings, as seen here:
Clear Cache
Now, one of the key features that play very well between our WAF/CDN and the plugin is the ability to automatically purge the cache of your site from our network. Access this functionality by going to the Clear Cache tab.
By enabling this feature after any post or page is updated, it will automatically clear the cache from our globally distributed CDN to ensure the newest content is on display.
Many of our partners often bookmark an API from the Quick Links area I highlighted above, but if you’re on a WordPress platform, look no further than to our plugin to run this quick task for you.
Other Sucuri Plugin Benefits
Beyond the convenient benefits the Sucuri Firewall integration with our plugin offers, don’t forget that our plugin also empowers WordPress users with more visibility to ensure you have a full scope of what’s going on with your site and are armed with the right tools.
Remove WordPress Version
Many web vulnerability scanners use WordPress versions to determine which codebase is running on your website. They then use this information to exploit any vulnerabilities associated with this version number.
Enabling the Remove WordPress Version feature will check if your WordPress version is being leaked to the public via an HTML meta-tag and mask it to harden your site against potential automated attacks.
Note: A vulnerability scanner can still guess which version of WordPress is installed by comparing the checksum of some static files.
Avoid Information Leakage
This feature checks if the WordPress README file still exists on the website. The information in this file can be used by malicious users to pinpoint which disclosed vulnerabilities are associated with the website.
Note: Be aware that WordPress recreates this file automatically with every update.
In Conclusion
Overall, maintaining good security visibility will be the best security tool at your disposal.
I will be attending the Torque Mag Social Hour Podcast on April 20th 3-4pm PST, you can catch me there for more on our Plugin.
If you have any questions, don’t hesitate to reach out to our live chat/support team to answer more questions on how to ensure you’ve properly synced the Sucuri plugin with our Website Firewall.