Sucuri Review 2024: How To Use it? (Complete Tutorial)

Sucuri Review
  • Save

Any website which is hosted on a web-server is always vulnerable to hacking, and as a webmaster, it’s our role to implement all the best practices which increase the security of our website.

The wise men once said “Prevention is better than cure” and the best prevention in terms of WordPress security is to have a daily back-up of your blog.

Anyways, this post is not about WordPress backup plugins but about one blog that was hacked and I recently used one plugin to remove the hacked files from the blog.

Since this plugin was free and I find it to be very effective for any non-technical user, I’m sure you will find it useful in your rainy days.

WordPress site hacked
  • Save

To start with, one of my client blogs was hacked by a hacker and his website was blocked by Google as it may spread malicious code.

My non-technical client was in a fix, and he contacted me to look into the issue. When a WordPress site is hacked, I usually start by looking into the files which were recently modified, as this helps me to find the files injected with malicious code.

Though this is not 100% proof, as it’s really hard to find all the malicious infected file.

Upon trying a few WordPress security plugins; I landed into the Sucuri WordPress plugin, and that plugin helped me to quickly find the malicious file, and this post is dedicated to the plugin.

Meet Free Sucuri WordPress plugin:

Sucuri WordPress plugin is a security and post hack WordPress plugin. You can use it right away to fix some of the common security issues like hiding WordPress version, restrict access to WP_content, WP_includes and so on. Once your site is hacked, you can use this plugin to find modified files, outdated addons on your blog, update wp-config files and so on.

Let’s start with the first feature which will let you harden the security of your WordPress blog. Go ahead, install and activate the Sucuri WordPress plugin.

Download and install the Sucuri WordPress plugin

Once you have activated the plugin, you can check the settings from Sucuri-free > Sucuri scanner:

Sucuri scanner
  • Save

In your case, you might like to start with 1-click hardening to improve the security of your WordPress blog.

Click on the harden this site now in front of 1-click hardening to get started. Here you will see all the known issues and you can quickly click on “Harden” to fix the problem:

Secure WordPress Website
  • Save

What I’m most interested in my particular case is Integrity and post-hack features of this plugin.

Using WordPress integrity & Post-Hack Features:

There are many Post-hack features of this plugin which is useful, and the one that I loved the most is in the integrity check.

Latest modified files:

Using Latest modified files, I can see the list of recently edited/modified files.

I also have an option to “select the number of previous days” to check for modified files. Here is a screenshot after running this module:

WordPress latest modofied files
  • Save

From the above screen, you could see bin-75a.php and memcache-75.php are infected files, and opening them also confirmed about the malicious injected code. I removed those files and moved to other features of this plugin.

Check for hidden admin accounts:

Many times a hacker create an admin account which is hidden.

Using the Admin user dump feature, you can quickly list all the admin accounts and last logins. For some reasons, last login features didn’t work in my case, but I could see all the user accounts with admin privilege.

Admin user dump
  • Save

Now, once you have fixed all the hack issues, it’s time to update your WordPress blog WP-config Keys.

Simply click on post-hack and update your WordPress config key.

Update WordPress config Keys
  • Save

Along with all the above features, you can also see the server info, currently logged in users, all WordPress cron jobs.

Over all, this plugin is useful when your blog is hacked or when you want to improve the security of your blog. You don’t have to keep this plugin active all the time, simply install and follow the above steps to harden the security and disable the plugin.

Do let me know what methods are you using to secure your WordPress blog, and if you are using any particular plugin; I would love to know the name. If you find this tutorial informative, do share it with other bloggers of the WordPress community.

Was this helpful?

Thanks for your feedback!
  • Save
Authored By
A Blogger, Author and a speaker! Harsh Agrawal is recognized as a leader in digital marketing and FinTech space. Fountainhead of ShoutMeLoud, and a Speaker at ASW, Hero Mindmine, Inorbit, IBM, India blockchain summit. Also, an award-winning blogger.

4 thoughts on “Sucuri Review 2024: How To Use it? (Complete Tutorial)”

  1. Saurabh

    Hi Harsh I have follow you frome a long period. I have install & acivate sucuri security plugin in my wordpress. It dashboard shows a message “Changes in the integrity of your core files were detected. There are files that were added, modified, and/or removed in the core directories /, /wp-admin and/or /wp- includes. You may want to check each file to determine if they were infected with malicious code.”
    Now please tell me what to do. I hosting with hostgator india. Please help me Harsh.

  2. Raspal Seni

    Hi Harsh,

    I had read about Sucuri and had even tried the service. But didn’t know they gave a free WordPress plugin. I thought, anything Sucuri must be paid to use.

    Thanks for letting everyone know how a layman can unhack their WordPress blog.

    I too would stress on backing up your blog regularly. In fact, every blogger should learn ”Ba Ba … Backup” as the first thing when starting to blog. I did.

    I use Better WP Security which is now iThemes Security and though hackers keep trying to hack into my blogs, they are locked out in 3 attempts. I don’t have any user named admin, nor a user named raspal (some hackers did try logging in using my first name).

    Will try out this Sucuri plugin and good to hear, we don’t need to always keep it enabled. Great and useful post. Thanks again.

  3. Dev Pandey

    Hi Harsh,

    Thanks for sharing this wonderful and informational post!!!
    We must always ensure that our WP account is secure. Till date i have not faced any such issue, but will ensure to have proper plugins installed to maintain the security.

  4. Gagan Jaiswal

    Really Useful Plugin !
    I also used it once to Find malicious file on my friend’s blog.

    I found BulletProof Security plugin is also good .

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top