This Week On WPWeekly: Dre Armeda and Tony Perez of Sucuri Security

Tony Perez and Dre Armeda of Sucuri Security will be our special guests on this week’s edition of WordPress Weekly. We’ll spend the majority of the episode talking about WordPress security and what users can do to protect themselves against the bad guys. We’ll also figure out why the company was founded and what trends they’ve noticed over the past year when it comes to attacks on sites powered by WordPress.

I asked Perez to come up with three areas that website owners need to pay particular attention to. He responded with access control, software vulnerabilities, and layered defenses.

Access Control – There are two key issues in today’s attack. Access and vulnerabilities. For the everyday website owner, access is by far the most important to me. We are seeing too many attacks exploiting weak credentials, leaving website owners vulnerable to attacks. It’s why we continue to see a spike in Brute Force attacks.

Software Vulnerabilities – This one isn’t as actionable as access control for most website owners which is why it’s second to me. Today’s website owners are not developers, they are your uncles, moms and dads, starting online businesses or learning to write about their daily experiences. Either way, many are not technical, leaving them susceptible to the world of vulnerabilities. Untrusted sources continue to be leveraged, attackers continue to find ways to circumvent systems in place to keep users safe, and this has the potential to be catastrophic for website owners.

It’s time website owners start looking beyond their existing plugin architectures and start leveraging Software as a Service based services that provide them a perimeter defense, or website firewall. Every network has it, every desktop should have one, and every website will require it in the future.

Layered Defenses – We have learned from our desktop and network predecessors, and we do this by thinking in the form of layers. Too many website owners are looking for one solution that will cure all its problems, but the problem is too big for that. They have been putting controls and layers in place that keep them in tune with what is going on with their website. Who is logging in? Who is changing what? Are things changing? Should they be? Website owners have to learn how to administer their website again. This idea of “set and forget” is harming us as much as it is helping.

Leave Your Questions In The Comments

This is a small sample of what we’ll be discussing this Friday at 3 P.M. Eastern. If you have any questions about Sucuri or WordPress security in general, leave them in the comments and we’ll ask them near the end of the show.

9 Comments


  1. Hi Jeff
    I use Sucuri on all my sites – once you get to ten sites the cost per site is more than reasonable.

    I also use their paid WordPress plugin but it’s not available at the moment because it is being upgraded.

    My question is:
    What features will the new plugin have and when will it be available?



    1. Hi Keith, I just sent you an email through your contact form on the site in regards to information about the premium plugin :)



      1. Hi Jarret
        Did anything come of the premium plugin upgrade?
        I’ve heard nothing and it’s been a long long time….



    2. Hi Keith

      Great question.

      The plugin is available, it’s just hidden. Most of the changes are around integration into the rest of our system, if you haven’t noticed there have been a number of design changes in the past few months, more to come.

      There will be some new feature improvements as well though, things like integrating our Proxy and Backups is something on the list so that you can support all your security needs in one solution. We’ll also be doing away with the built-in plugin WAF as it’s nowhere near our Website Firewall – http://cloudproxy.sucuri.net

      As for when, we’re looking in about 1 – 2 months, many things to change.. :)

      Thanks again for the note.

      Tony
      Co-Founder / COO at Sucuri, Inc.



      1. Hi Tony

        “We’ll also be doing away with the built-in plugin WAF as it’s nowhere near our Website Firewall – http://cloudproxy.sucuri.net”

        I’d sign up in a moment but there is the small issue of cost!

        I’d also go with your backup plan but again it’s the cost.

        I don’t see any discounts for multiple sites and or using several of your services.

        It starts to get to the point where I might as well go the managed hosting route and have backups and security as part of the deal.

        Talking of hosting with backup and security – how about a post along those lines Jeff?



      2. Maybe a comparison of shared hosting, which needs additional security and backup plugins compared with managed hosting, which comes with the security and backups included.

        WP Engine are way out of my price bracket (and they don’t do email) but SiteGround and GoDaddy are bringing managed WordPress hosting down (you did something recently on GoDaddy managed hosting) so maybe we should all be thinking of going the managed hosting route.

        But if we do… with whom do we go?

