Sucuri Reviews

Four years ago, my office website was hit with a malware infection, and I decided to give their services a try. I must say, it was a great decision and they did an excellent job cleaning up my site and getting rid of the malware. Since then, I've continued to use their WAF to keep my website secure and protect it from hacker attacks. I've also been using their email services, and while they're decent, I've found that other providers offer better encryption. However, it does offer solid backend features, which is one of the reasons I've stuck with their email services.

One of the most valuable features is the convenience it offers in reducing the need for extensive support and simplifying the process of safeguarding a website in two key areas. It significantly eases the workload and streamlines the initial setup required to protect a website. When it comes to defending a website from potential attackers, its services stand out as exceptionally beneficial. With just a few clicks, they offer a straightforward way to secure any website.

One area where they could improve is in providing real-time support options because now you need to open a support ticket and wait for their response. It would greatly benefit customers if they implemented an online chat or messaging system for quicker assistance. I have found their Content Delivery Network service to be lacking in quality, and it could certainly be enhanced to provide better performance. I would also like to see improvements in the deployment process, as it currently takes more time than desirable. Another significant concern is that their service when your website is down, turns it into a static site. This means that if customers try to visit your site during downtime, they will see old content from the static site, which is not ideal. The CDN and tracking services are areas that need improvement, as well as addressing their bandwidth limitations.

I have been using it for more than three years.

It is highly stable and reliable.

It's highly effective, and we use it around the clock. It offers good scalability capabilities.

Their support team is not only highly responsive but also incredibly informative and their services are exceptional. In the unfortunate event that your site gets infected, Sucuri stands out by providing thorough explanations for everything that transpired, from how the infection occurred to the methods used by attackers. They also offer clear guidance on how to rectify the situation and fortify your website's defenses. This level of transparency and comprehensive support is quite unique. Many other companies that offer similar services, whether it's malware removal or defense against attacks, often fall short in providing such detailed explanations and assistance.

Positive

I used Cloudflare before opting for Sucuri. The main reason for switching was the pricing.

The implementation process typically involves two main phases. First, I need to coordinate with my IT team and configure some settings which include specifying the IP area code from my domain hosting panel, marking the IT personnel, and setting up a tunnel using the provided IT address and API key. For the second phase, which involves setting up the Web Application Firewall, Sucuri simplifies the process. I just need to install their plugin and then connect it to my account by inputting the provided key through the dashboard. After that, I fine-tune some settings through the plugin interface. This part of the setup is quite straightforward and user-friendly. It might take around one to two hours for someone new to the process to complete all these steps, but for those with expertise in such configurations, it can be done in just thirty to forty minutes.

It stands out as a more cost-effective option compared to other cloud-based security services like Cloudflare or JetPass. The affordability and fixed pricing model are one of the main reasons why I prefer it.

Its effectiveness depends on your specific requirements. If your website is based on WordPress, it is a great fit, as it's optimized for WordPress services and works exceptionally well in that context. When it comes to non-WordPress websites or more general web applications, it may not be the best choice. Overall, I would rate it seven out of ten.

I'm currently using it to prevent security risk attacks and hacking on my websites.

We use the solution to protect our main website, which has two parts: a Web Application Firewall and a service to remove infection. We also use the part that sends us information about new risk updates to our site server account managers.

The main benefit is that my site developers are not experienced people. The solution provides me with peace of mind because it protects my site even when they don't follow the best development practices. The provider solution also alerts me about the flaws in the development, and I send the developers to correct them.

I like that it can work with my website provider. The tool providers communicate with each other and use each other's features to remove and prevent risks.

The main improvement I would like to see is support for .NET applications. If they could include this feature, I would include more sites in the protection.

In future releases, perhaps Sucuri could include a PCI test for our site or some ethical hacking features. More advanced features than what I have paid for would be wonderful.

I've been using the solution for four years.

It is stable. Over the years, we have migrated from different plans. We started with the basic plan, and now we are on the professional plan. This has reduced the response time.

I haven't really tried to scale it because I just protect the main sites. But, since it is a cloud solution, it is scalable. I can include whatever site I want in the solution. The only thing is that I would have to change plans. So we pay as we go.

This solution is run on servers, not by individual users. So, there are three people in IT, one in the developer department.

I have three servers currently. I hope to keep this standard until next year when I will add at least two more servers.

We used server techniques and another solution without the provider. The provider solution was more expensive and required more work. So that's why we switched to this one.

The initial setup was very easy. We deploy the solution on-premises. Our plan is for a cloud service, but we compare it to a proxy to source it to direct access to our site. The email server site runs in the provider.

I am the only one involved in the deployment process in my company. After deployment, it takes ten minutes. And then, you have to wait for the DNS propagation, which could take two to four hours maximum.

For me, it's really easy to deploy because I have experience in that matter. I only had to change DNS records and include certain signature files. That was all I had to do. But if other people in the organization without my experience had to set up or deploy the solution on our site, they could just put in a case and the provider would do it for them.

There is not much to maintain. The dashboard just sends me alerts when there is a new Arisa detected. We then monitor the impact of attacks on the website and the solution to prevent them. If it's needed, we will take further action.

The ROI has been very good. Because of the solution, I have a tax break. The site developers were not always experienced people. We used to pay more for cleaning up the site when it was infected. Now, we have peace of mind knowing that the solution will clean up the site and that we won't have to go through the unnecessary process of restoring it from a backup. The protection on the WAF and the measures for backups have also prevented our site from going down.

The pricing is very reasonable. Sucuri offer other features as an add-on, such as backup, but these have an additional cost. We host the sites ourselves, so I don't take it because it was redundant.

I evaluated alternatives, but so far, I haven't found anything else that is competitive in price.

I recommend that you carefully consider whether the provider offers a black box tool that can detect best practices for development. An implemented site can help to prevent further infection or risk.

Overall, I would rate the solution a nine out of ten. 

We were using Sucuri for protection against DDoS attacks and also for securing our website. In case we needed to block any particular IP, we used it for that purpose. So, if we wanted to block requests for a specific reason or expose our site to particular IPs only, we relied on Sucuri.

The most valuable part is the analytics and visualization. We can see the requests coming from different IPs and the frequency of requests from a specific IP. It's a good security measure.

In terms of improvement, the cost factor is always there.

I used it for around two to three months. Then we shifted to AWS WAF.

Stability is quite impressive. I would go with nine out of ten.

It is quite a scalable solution and provides a lot of functionalities. I would rate the scalability an eight out of ten. There is always scope for improvement. 

It was a great experience with the customer service and support. They were quick to respond.

Positive

The initial setup is moderate because it's neither too easy nor too hard.

Sucuri provides us with many ways to set up our site, handle the routing, and perform the necessary configurations.

It's deployed on the cloud. We used the managed service of Sucuri and then routed all the requests from Sucuri to our AWS platform.

The initial setup took around three to four hours, just for the initial setup. But if you want to add advanced functionality, it totally depends on how we want to proceed.

Sometimes the cost depends on the security level you choose. Compared to other services like AWS, some might find it costly, while others may not see it that way, considering the resources it provides. So it's more expensive than the other ones.

Sucuri offers different plans, both the standard plan and an advanced plan. So there are different plans to choose from.

In terms of overall functionality, it's good to go with. It offers various types of functionalities that are not generally provided by many established organizations. For example, for AWS, private security, it's a good choice.

Overall, I would rate the solution an eight out of ten. Sucuri is a good option for website protection and prevention. It's a good choice if someone wants to implement it, and it's also easy to understand and use.

I use it as a WAF, which is basically a web firewall to monitor and block traffic to our web server. We wanted to have improved security for our not-so-new web server and also for newer technologies. If they can block using geolocation, it can analyze the URLs, and you can basically define folders that are to be blocked or not to be blocked and also rule. So it's a really good product, simple and not too complicated. It does the work. I was pleasantly surprised that it has geolocation blocking and is very easy to allow/disallow folders.

Sucuri could provide help for specific security alerts in-line instead of requiring users to search for it in the help section. Users get errors or EBAs, and if they want to read about it, they need to find it in the help section of the site. It would be more helpful to allow users to see more information and tips immediately from within the alert.

I have been using Sucuri for half a year. I'm not using an on-prem installation. I'm using their software as a service, so I am using the latest version. 

I never had any issues with stability. I would rate it a ten out of ten. 

It's a cloud service, so it's scalable. I would rate it a ten out of ten. We're a small business.

There's an option to contact technical support for help, but I always manage to find the solution on my own.

The initial setup is not difficult. You need to direct your DNS to a few clicks to pull me, and then it's basic. The deployment takes just minutes, depending on your DNS setup.

For maintenance, you should monitor the reports. For example, if a customer complains that one of their subcontractors cannot work in a certain country that you block, you can allow access to their specific IPs. So it's fairly easy to maintain, and everything is fairly easy to find. One person is required for the maintenance. 

There was an ROI. It is worth the investment. 

The price is around $25 per site per domain. It's a good price compared to the cost of other similar products that can cost thousands of dollars.

It's not expensive, so I would rate it as one, where ten means very expensive.

I would recommend knowing your data so you can understand if there's an issue and get alerts. Also, make sure to publish it for your APIs or web anytime so you can understand what's going on.

Overall, I would rate the solution a ten out of ten. 

We mainly use this solution to check for malware or any security or malware injection into our WordPress site.

Rather than locate some things manually, the Sucuri plugin scans and allows us to pinpoint whether there is malware or some problem in the site. It makes us a little more efficient.

We have Sucuri online to check whether there is any malware. We put our Sucuri plugin into our WordPress setup and it notifies us if it finds malware or something of that nature. 

I'm not sure if Sucuri also provides DDoS protection services but it would be good if they did. 

It is a stable product that customers do rely on. They provide a good service. 

The initial setup was straightforward. Straight forward because the plugin can simply be installed and then it does its job. It's not complex, there is no learning curve. The online scan is simple, you put in the website address and the scan gives us a report on the browser itself. It's simple to use. 

I would rate this solution an eight out of ten. The reason is that we have found sometimes customers or Google saying that there is something wrong with the website but Sucuri says that the site is clean so we do have to look at the site manually which means that the Sucuri scan does not pick up anything and everything.

Domain name scanning since it allows us to scan all our domain names and determine whether it has malware or if is reported as phishing. Sucuri also gives us details on content that may have triggered the malware/phishing report.

The product has sped up our ability to detect suspicious domains and alert the registrants or relevant parties. It has also allowed us to share more details on such detections to the relevant parties since the report is comprehensive enough.

• Confident score: Currently it does not have one and there are cases that most websites flagged are false-positives. Since they don’t have it, then we end up manually reassessing the website. It would be good if they had it so we could tweak our system to only accept certain detections based on some confident score/level.
• They constantly release blogs on a certain vulnerability. This is useful to keep us updated on the latest threats. However, it would be more useful if they would be able to map/tag detections from their Network API with those threats/vulnerabilities that they have blogged.  For example, they blogged about a Joomla! core exploit and they have identified the suspicious codes i.e., $var=xyz. It would be great if their network API scanner could tag/map domains with similar code, such as“joomla-exploit-1”. In that way, network API users who keep the scan results in the database can simply search for those with “joomla-exploit-1” and then they could determine, straightaway, the affected domains.

We have been using this solution since 2011.

I did not encounter any issues with stability.

I did not encounter any issues with scalability.

We did not use a previous solution.

The setup was straightforward since it was API based and they provided ways to interface with their API i.e., XML, JSON. They also provided a trial API key to try the API.

I’d simply say it’s really worth it.

There was no other similar product at that time. If there was, their reporting was not so comprehensive.

For people who own a personal website, this solution is worth trying out since their security solution is somewhat full-fledged. It will help you sleep at night. For corporations, if you have some business process that requires automated scanning of a lot of domain names and alerting the relevant parties (like us), then it’s worth considering.