Daniel and Toni, founders of Sucuri
After using Sucuri for more than three months I have found that time is here to write my very own Sucuri review, based on my experience from using their security services for this time.
My original reason for visiting the Sucuri website and signing up for their services was that I had experienced a series of attacks of different WordPress sites that I work with and administer, and the amount of time and energy used trying to fix these problems, in addition to fees that I had to pay to the different hosting services for retrieving old backups of my sites, told me that I need to find a solution that will take the weight of my shoulders if there should be any future attacks to any of my sites. I therefore signed up for a Sucuri account where I could register 15 different websites, meaning that Sucuri would monitor these websites, and if there should be anyone hacking any of the sites, adding some PHP code or placing some malware somewhere, then Sucuri will not only monitor and discover, but also clean up afterwards. That was my original goal, and this is where the Sucuri review starts.
My first impression of Sucuri
As soon as I signed up I immediately signed up for an account where I could add ten sites (and then added five more after some days). It was easy to use the control panel and to add sites, and adding the so called SSH protection was also easy, just uploading a file to the public folder using FTP and then Sucuri would discover it and the protection was one (very similar to authenticating a website for Google Webmaster Tools or Bing Webmaster Tools). After adding a site it takes an hour or two, and then they will scan the site for the first time. Upon adding my sites everything was fine, but already during the first scan Sucuri found some malware on one of my sites (that I did not know of so far).
How does Sucuri remove malware and fix hacked websites?
As you discover that you have a website that has been infected (maybe because you received a warning from Sucuri), then you need to make a removal request. This can easily be done using the Sucuri dashboard, and you will need to give them the name of your FTP server, a username and a password for this to work. At first I was a bit insecure about giving away so confidential information to a complete stranger, but because of the nice Sucuri reviews I had read elsewhere online, I thought that these guys needs to be proffesional and they will for sure not spoil their good name and fame by doing bad stuff at my website. And I was true… There was no problems then, and it has never been problems giving away FTP information later.
A few minutes after opening the case I received an eail that someone is looking into the case and that I can expect more information within a few hours. A few hours later I received a new message that the malware had been removed and that the site was now error free.
Since then I have used Sucuri about 10 times I guess to remove malware and injected PHP code from sites. Some of the hacking attempts have been more advanced, meaning that at most it took 24 hours for a matter to be solved, but it was solved and the website was up and running throughout the entire process.
Sucuri fixing the complicated problems
How webhosts relate to malware and hacked WordPress sites differ. Some hosts tells you to fix the problem, if not, they will have to shut down your site. Other hosts shut down your site and take it offline from the moment they discover the problem, and I have quite some sites hosted on servers with the latter kind of hosts. In such cases it is very important to fix the problems as soon as possible, because a site that is offline will of course harm those coming to your site looking for information or out there to buy your services, and if your site is offline for a long enough amount of times, it may also harm your Google Rankings. During this period I had some sites yet not registered at Sucuri.net, but when my host found them to be sending spam emails, they immediately took them offline. Desperate for a quick solution, and not willing to pay a lot to my webhost for restoring an old backup of the site, I quickly added the hacked site to my Sucuri panel and at once create a malware report on the site. Again, it only took hours before the matter was fixed and I could tell my host that the problem had been removed, and that they could reopen my site again. In this way I did not really have to pay anything extra for this, only my yearly fee subscription to Sucuri!
What about Sucuri firewall?
To be honest, I have not tried it yet, and I have not felt the need for it. At least Sucuri has fixed all my problems so far without me having the firewall installed and paying quite a lot of money for it monthly, but if I should need it in the future or be convinced of the fact that I actually need it, then I will for sure write more about it here in the Sucuri review, but I believe that for most webmasters out there it is not very important to add the firewall, at least not in the start.
Sucuri review conclusion
After using Sucuri on 15 websites for about three months I am really satisfied and happy about the investment. All in all this costed me 400USD (since I signed up they have raised the prices quite a lot), but based on all the time I have saved already on having Sucuri clean infected sites and also the fact that they have found and removed malware quickly from sites, hindering them from going offline and me suffering from that, I am absolutely sure that it was a good investment for me. If you are insecure they do have a thirty day full refund policy, in case you should be unhappy with the product.
If you want to try Sucuri yourself, visit the Sucuri website for more information on prices and information on the product.
If you have have tried Sucuri yourself, why not share your thoughts and experience writing a comment!