A step-by-step guide to using SUCURI protect and speed up a site a WordPress site.
Two most important metrics for any site is Performance & Security.
How do you ensure your site loads faster to generate more sales, traffic, engagement?
How do you monitor & protect your site from online vulnerabilities, hacker, malware?
Do you have the above concern for your WordPress site? Well, you are not alone!
There are multiple ways to achieve.
However, one of the quickest and cost-effective ways to supercharge your WordPress site and add protection is by using cloud-based security provider (CBSP) such as SUCURI.
Wondering, what is SUCURI?
SUCURI is all-in-one security & CDN (content delivery network) platform for WordPress, Joomla, Drupal, Magento, phpBB, etc.
Some of the platform features are:
Continous monitoring for DNS records, code integrity, SSL certificates expiry, WHOIS changes and alert through SMS, email, slack & RSS.
Remove malware, malicious code, blacklist warnings, SEO spam and provide a full cleanup report.
Protect from hacks and attacks such as DDoS, brute-force, bad bots, spam, application specific & common vulnerabilities. Also, protectino against OWASP top 10.
Improve website performance with global anycast CDN, HTTP/2 support, smart caching, gzip compression.
There are two plans.
- Website Security – a complete site security solution, starting from $16.66 per month.
- Website Firewall (WAF) – to protect and speed up your site, start from %9.99 per month.
Curious, what is a difference between SUCURI’s firewall and security plan?
Website Security plan got everything you get under WAF, plus the following.
- Unlimited hack/malware cleanup
- Malware & blacklist detection
- Uptime monitoring
If your site is not hacked, blacklisted or malware infected then you can get it started with WAF plan, and in future if you ever need the complete security, you can upgrade it through the dashboard.
SUCURI provides 30 days guarantee and support is available 24/7/365.
Ready to see how to use SUCURI with WordPress?
Adding Site to SUCURI Monitoring
Once you’ve purchased plan and account is activated, you will get the following screen after login to SUCURI dashboard
- Click “Add Site”
- Enter site information and add again
You will get a confirmation about site being added. If your site is not infected with malware, you can skip requesting cleanup by clicking “Not Yet”
It will take you to the dashboard and you should notice warning about “Server side scanner is not activated”
- Let’s take advantage of server-side scanner, click “Enable Scanner“
It will prompt to enter the FTP information but I know most of you won’t be comfortable in providing FTP information.
- So let’s click “enable manually” and you will get the
PHPfile to download which you got to upload on your site root directory.
If you are on SiteGround or shared hosting then you can login to cPanel >> File Manager >> and Go
- Click upload button and choose the downloaded file from SUCURI
- Once done, click “Verify file and enable” on SUCURI page
Next, It will prompt to whitelist the URL path. If you have any then provide else skip it.
Let’s go back to overview and here you can see the status of malware, blacklist, uptime status.
- To change the scan frequency, you can go to settings tab and adjust accordingly.
Great, site is configured to be monitored by SUCURI and will be notified when something goes wrong.
Let’s go to next step.
Adding Site to SUCURI Firewall
I assume you are still logged into, go to Website firewall menu
- Click “protect my site now”
- Enter site information and select I want to use the SUCURI’s DNS servers, click “Add Site”
Note: using SUCURI DNS server is optional.
- It will take few seconds and you will be given a SUCURI firewall IP.
Let’s point domain (in my example – techpostal.com) to point to SUCURI IP so all traffic routes through them.
There are three options, so choose whatever you like.
1. Automatic integration – if using cPanel or Plesk hosting then click “Continue Setup” and choose what you use.
Note: you need to provide hosting login details so if you are not comfortable then can skip this method and follow another one.
2. Update NS server – the second option is to update your domain’s NS (name server) to use SUCURI name servers.
- Go to DNS tab and you see the list of name servers
; Current Name Servers ns1.sgp22.siteground.asia ns2.sgp22.siteground.asia ; Expected Name Servers 10.sucuridns.com 11.sucuridns.com 18.sucuridns.com 19.sucuridns.com
By updating name server, you let SUCURI manage your domain records. This means when you need to add any subdomain record you need to do in SUCURI DNS dashboard and not with the registar.
SUCURI DNS is fast so if you don’t have a technical limitation in updating NS servers then this is recommended method.
However, if you don’t want SUCURI to manage the DNS then you may like the next option.
3. Update A record – Login to your domain registrar or shared hosting cPanel and update the A record of your domain.
I am going ahead with updating name servers. Once updated, you can use DNS lookup tool to verify if it’s reflected.
Note: Sometime DNS update may take up-to 24 hours.
You will notice “Service is activated” banner on the dashboard.
Well done! You’ve successfully routed your website traffic thorugh SUCURI.
Let’s explore some of the essential configuration and settings.
SUCURI offer FREE SSL/TLS certificate by Let’s Encrypt. If you want to make your site accessible over HTTPS for security and search ranking, then you can enable it as below.
- Go to HTTPS/SSL tab
- Select HTTPS only site under “protocol redirection” and save
Now, try to access your WP site with https://
And there you go!
With just one click you get SSL implemented on WP site with SUCURI.
Easy, isn’t it?
Note: if you notice any mixed content warning or page doesn’t load correctly then install Simple SSL plugin.
Compression is disabled by default, and it’s recommended to enable it. Compressing helps to reduce the overall page size and eventually load the page faster.
- To enable, go to performance tab >> compression and select enable >> save
Made some changes and don’t see the results? Don’t worry; you can clear the cache whenever you want.
There are two ways:
- Clear cache by file – provide the absolute path
- Entire site – clear cache for whole site
It’s doable by going to “Performance” tab.
Go to the report tab to see the site analytics, such as:
- Blocked attacks by type
- Visitors by browser, device
- Requests served by response codes, HTTP protocol version
- Caching status
- Traffic by country, hourly
There are many other options which you can play around with.
Now, let’s see how much time it takes to load the page.
In less than one second, amazing!
SUCURI looks promising and if you are serious about making your site secure and faster then worth giving a try. They offer 30-days money back so go ahead and give a try.