Okay, so you have decided you don’t want to wait for disaster to strike. Or it has happened before and you really don’t want to go through a hacked site cleanup again.
Sucuri is one of the leading tools to protect your website.
I’ve outlined the steps to get you started with Sucuri (the paid version) to save you some time. And can I say congrats for being a smart business person, an ounce of prevention will likely save you a wad of $$$ down the line. Malware cleanup is not a cool business expense!
Be Smart, Get Sucuri and Protect Your Website
First, sign-up for a Sucuri paid account (affiliate link). Yes they have a free plugin but it doesn’t include cleanup and customer support, etc. (they are good about answering quickly).
Once you get your lovely new account, roll up your sleeves, it’s time for some setup.
- Go login to Sucuri.net.
- To add your website, go to the "Website Monitoring" tab on the left (probably the default you might be there already). For a new account, scroll past the video to "Add Default Website" and add your URL in the field.
- Click on "Add Website" on the right add the URL in the box and click submit. (They have a video for just this step http://kb.sucuri.net/videos/sucuri-welcome-intro .)
- You should now be on "Website Monitoring". To the right of the website domain name click on the gear shift icon to go to the Monitoring panel.
- Modify monitoring type to every 3 hours for Malware and add WHOIS monitoring for every 6 hours.
- Click on button "Enable Email Reports" and put in your email address where you want to be notified.
- Scroll down to the "Server Side Scanner Settings" area and click on the "Enable Manually" tab.
- Download the Sucuri php file in step #2. Keep this panel page open.
- Upload the Sucuri file to the public HTML (root) of the server for the website via FTP.
- Go back to step #3 inside Sucuri and click the green button to "Verify File and Enable".
- Yeah, your website is now being scanned by Sucuri.
WordPress Plugin – The Missing Link
Want to know what is happening from your WordPress dashboard… follow these next steps.
This is hard to find, access for the plugin isn’t available from the Sucuri.net dashboard. Sad face! I asked support and they gave me the link. The plugin at wordpress.org is not the same one – we are talking about the premium plugin which currently is separate. *
- Login to Sucuri.net and go to https://wordpress.sucuri.net.
- Click on the "Download" link at the top.
- Login to the WordPress site at domain.com/login (of the site you are working on).
- Go to "Plugins" on the left dashboard and "Add New" tab.
- Click on "Upload Plugin" at the top.
- Choose the Sucuri-wp-plugin.zip file and "Install Now".
- Activate the plugin by clicking on the activate link.
- Sucuri will display a message to "Activate" Sucuri.
- On the Sucuri dashboard in WordPress you will need to get the API keys. Login to Sucuri.net (the provided link does not redirect properly and instead goes to the Website monitoring panel.) Enter the https://wordpress.sucuri.net/ URL to get to the WordPress panel after you login.
- Click on the "Settings" menu at the top (you might already be there).
- Add the URL of the website "Add a new WordPress site for monitoring:"
- Copy the Authentication Key. Go back to the Sucuri dashboard within the website WordPress dashboard, and paste in the key at "SUCURI API KEY".
- Setup "Main Settings" and select "Save values".
Ah, security Zen!
This is too Geeky For Me
This is one of several plugins I use to monitor website security. Get Sucuri and a host of other monitoring tools to keep your website in top form! No geek speek required. Read more.
* "The free plugin will be replacing the Premium plugin in the coming weeks. Eventually, there will only be one plugin. If you have the premium plugin, and install the free version, the free version will overwrite the premium version."
Only one plugin will be available and you enter your code to access the premium features.