Sucuri WordPress Security & Scanner

Updated on: 13th Oct 2020
Sucuri offers a free WordPress security plugin that comes with the features you'd expect from such a plugin: a software firewall, a malware scanner, and a core files integrity check.

While the plugin is free, its purpose is to offer integration with the Sucuri Web Application Firewall, which is their premium security product. The Sucuri WAF is a proxy that will basically intercept attacks before they get to your site.

The free Sucuri WordPress plugin is a great option for small sites with little to no revenue that cannot justify the cost of a premium firewall (and likely don't receive as much traffic, or as much attention from malicious actors, as a larger site). The Sucuri WAF is a great option for those who have more traffic and more to lose if the site is compromised.

What sets Sucuri WordPress Security & Scanner apart

    Free plan limitations

    The WordPress plugin portion of Sucuri’s offerings is free-to-use and downloadable through The WordPress plugin features many of the basic functions that Sucuri’s premium plan includes and is meant to complement a site’s pre-existing security structure.

    The free program consists of the Malware scanner, security hardening options, and many of the post-hack amenities that all of Sucuri’s plans include.

    The most significant difference in functionality between the free and premium plans comes through access to Sucuri’s constantly running firewall and the level of customer support provided, with premium plans receiving much quicker support.


    All In One WordPress Security

    All-in-One WP Security is a free WordPress security plugin aimed at users of all experience levels.

    The plugin gears itself towards ease of use, providing customizable functionality and simple, functional categorization.

    Users can freely customize different aspects of their site’s security, while the plugin displays visual representations of how safe the website is in different areas.

    All-in-One is really a counterpart to the Sucuri free WordPress plugin if you ignore the paid cloud-based plans offered by Sucuri.

    All-in-One does, however, still feature a firewall, although this is pretty basic compared to that offered by Sucuri. However, All-in-One does not offer a malware scanner, whereas the Sucuri plugin does (albeit a remote service).



    WordFence is a WordPress security plugin that focuses on providing enhanced protection, emphasizing its endpoint firewall.

    WordFence offers a server-side endpoint firewall that it claims can protect sites better than cloud-based firewalls. Whether this claim holds water is a matter of debate.

    They also have a regularly updated “Threat Defense Feed,” with a team of security analysts maintaining the plugin’s real-time IP blocklist.

    WordFence offers a free-to-use version accessible through with limited functionality and a selection of premium options with enhanced features and protections. However, they do provide their firewall as a part of the free version (which Sucuri does not); it just has a 30-day delay on the Threat Defense Feed updates.



    MalCare markets itself on the speed of its Malware scanner and detection, claiming to be the only plugin to feature “Instant WordPress Malware Removal.”

    MalCare features a scanner that offloads its more CPU-intensive operations to MalCare's servers. It sweeps its users’ websites for malware and offers the ability to clean compromised websites in under a minute.

    Their scanner does not require any files to be deleted to clean its users’ sites, allowing users to maintain their site’s condition without any interruption.

    The plugin is unique because it offers emergency services provided to users whose sites have already been suspended or blacklisted. MalCare’s premium plans start at $99 per year, and higher price points include multiple sites and dedicated team members to assist users, among other features.

    iThemes Security Plugin

    iThemes Security Pro offers several security-based options that allow users to protect their websites from malicious attacks.

    The plugin offers protective features like two-factor authentication and integration with services like Google Authenticator and Authy. It also markets itself on its effectiveness in protecting against brute force attacks with its “Brute Force Protections Network,” which features several websites tracking malicious IPs and websites.

    Additionally, they feature different options for protecting a user’s access point, including designating trusted devices.

    iThemes Security Pro only features a selection of premium packages, starting at $80 per year for a single website, with no free version available.



    Sucuri’s primary features include the standard suite of security protections for a user’s WordPress site. The Malware scanner, SiteCheck, performs a remote scan for malicious code within a WordPress site.

    However, because the scan is being performed remotely and not server-side, the scanner cannot check the source code of a WordPress site.

    Sucuri’s various means of security hardening include verification of a user’s WordPress version and PHP version, disabling PHP file execution, and editing plugins and themes.

    The plugin’s several post-hack options feature a built-in event monitor tracking several essential events on your site, including user authentication, the creation of pages or posts, and modifications of themes and settings, among others.

    Sucuri provides an email alert system sending email notifications of actions tracked by the event monitor, along with the ability to customize these alerts and turn specific alerts off. The site also features options for taking action against brute force attacks, with the ability to set the number of failed login attempts to be considered an attack.


    As mentioned before, the WordPress portion of Sucuri’s offerings is free for download and can be used without purchasing any of Sucuri’s premium plans. Sucuri offers a broad selection of premium plans based on the size and efficiency the customer is seeking. Sucuri’s Basic Platform plan, which includes full cleanups and scans along with the firewall and CDN, starts at $199.99 per year and features advanced scans every 30 hours.

    Much of the difference between plans regards the frequency of these scans, with the Business Platform at $499.99 per year featuring scans every 30 minutes and the promise of your site being fully cleaned of malware within six hours.

    Sucuri also provides plans including only the firewall and CDN with a basic firewall package at $9.99 per month, and a pro package at $19.99 per month. These do not include the extensive malware removal options of the more expensive plans.

    Additional plans for multiple sites and customized plans with Sucuri encourage interested users to contact them through live chat or phone.


    Sucuri WordPress Security & Scanner aims to provide its users with multiple options and measures to protect their WordPress site while also featuring methods for cleaning up after an attack. The plugin is well-liked by users on, with several five-star reviews praising the plugin’s effectiveness and ease of use.

    The plugin’s many security features allow users to harden security on their websites to prevent attacks and frequently scan their websites for malicious code and malware. Sucuri’s website also contains step-by-step guides and demonstrates modes of use after a site has been compromised.

    Many of the plugin’s functions are freely available through, and the premium plans through Sucuri can integrate with the free WordPress plugin.