A step-by-step guide to using SUCURI protect and speed up a site a WordPress site.
The two most important metrics for any site is Performance & Security.
How do you ensure your site loads faster to generate more sales, traffic, engagement?
How do you monitor & protect your site from online vulnerabilities, hackers, malware?
Do you have the above concern for your WordPress site? Well, you are not alone!
There are multiple ways to achieve this.
However, one of the quickest and cost-effective ways to supercharge your WordPress site and add protection is by using cloud-based security provider (CBSP) such as SUCURI.
Wondering what is SUCURI?
SUCURI is all-in-one security & CDN (content delivery network) platform for WordPress, Joomla, Drupal, Magento, phpBB, etc.
Some of the platform features are:
Continuous monitoring for DNS records, code integrity, SSL certificates expiry, WHOIS changes, and alert through SMS, email, slack & RSS.
Remove malware, malicious code, blacklist warnings, SEO spam, and provide a full cleanup report.
Protect from hacks and attacks such as DDoS, brute-force, bad bots, spam, application-specific & common vulnerabilities. Also, protection against OWASP top 10.
Improve website performance with global anycast CDN, HTTP/2 support, smart caching, gzip compression.
There are two plans.
- Website Security – a complete site security solution, starting from $16.66 per month.
- Website Firewall (WAF) – to protect and speed up your site, start from $9.99 per month.
Curious, what is the difference between SUCURI’s firewall and security plan?
The website Security plan got everything you get under WAF, plus the following.
- Unlimited hack/malware cleanup
- Malware & blacklist detection
- Uptime monitoring
If your site is not hacked, blacklisted, or malware-infected, then you can get it started with the WAF plan, and in the future, if you ever need complete security, you can upgrade it through the dashboard.
SUCURI provides 30 days guarantee, and support is available 24/7/365.
Ready to see how to use SUCURI with WordPress?
A little bit about my setup – I am using my test domain techpostal.com which is hosted on SiteGround with Newspaper themes by Tagdiv. I am not using a third-party caching or security plugin.
Adding Site to SUCURI Monitoring
Once you’ve purchased plan and account is activated, you will get the following screen after login to SUCURI dashboard
- Click “Add Site”
- Enter site information and add again
You will get a confirmation about the site being added. If your site is not infected with malware, you can skip requesting cleanup by clicking “Not Yet”
It will take you to the dashboard, and you should notice a warning about “Server-side scanner is not activated.“
- Let’s take advantage of a server-side scanner, click “Enable Scanner.“
It will prompt you to enter the FTP information, but I know most of you won’t be comfortable in providing FTP information.
- So let’s click “enable manually,” and you will get the
PHPfile to download, which you got to upload on your site root directory.
If you are on SiteGround or shared hosting then you can log in to cPanel >> File Manager >> and Go
- Click the upload button and choose the downloaded file from SUCURI
- Once done, click “Verify file and enable” on SUCURI page
Next, It will prompt to whitelist the URL path. If you have any, then provide else skip it.
Let’s go back to the overview, and here you can see the status of malware, blacklist, uptime status.
- To change the scan frequency, you can go to the settings tab and adjust accordingly.
Great, the site is configured to be monitored by SUCURI and will be notified when something goes wrong.
Let’s go to the next step.
Adding Site to SUCURI Firewall
I assume you are still logged into, go to Website firewall menu
- Click “protect my site now.”
- Enter site information and select I want to use the SUCURI’s DNS servers, click “Add Site.”
Note: using the SUCURI DNS server is optional.
- It will take a few seconds, and you will be given a SUCURI firewall IP.
Let’s point domain (in my example – techpostal.com) to point to SUCURI IP so all traffic routes through them.
There are three options, so choose whatever you like.
1. Automatic integration – if using cPanel or Plesk hosting, then click “Continue Setup” and choose what you use.
Note: you need to provide hosting login details, so if you are not comfortable, then you can skip this method and follow another one.
2. Update NS server – the second option is to update your domain’s NS (name server) to use SUCURI name servers.
- Go to the DNS tab, and you see the list of name servers
; Current Name Servers ns1.sgp22.siteground.asia ns2.sgp22.siteground.asia ; Expected Name Servers 10.sucuridns.com 11.sucuridns.com 18.sucuridns.com 19.sucuridns.com
By updating the name server, you let SUCURI manage your domain records. This means when you need to add any subdomain record, you need to do it in the SUCURI DNS dashboard and not with the registar.
SUCURI DNS is fast, so if you don’t have a technical limitation in updating NS servers, then this is the recommended method.
However, if you don’t want SUCURI to manage the DNS, then you may like the next option.
3. Update A record – Login to your domain registrar or shared hosting cPanel and update the A record of your domain.
I am going ahead with updating name servers. Once updated, you can use a DNS lookup tool to verify if it’s reflected.
Note: Sometimes, the DNS update may take up to 24 hours.
You will notice the “Service is activated” banner on the dashboard.
Well done! You’ve successfully routed your website traffic through SUCURI.
Let’s explore some of the essential configuration and settings.
SUCURI offers FREE SSL/TLS certificate by Let’s Encrypt. If you want to make your site accessible over HTTPS for security and search ranking, then you can enable it as below.
- Go to HTTPS/SSL tab
- Select HTTPS-only site under “protocol redirection” and save
Now, try to access your WP site with https://
And there you go!
With just one click, you get SSL implemented on the WP site with SUCURI.
Easy, isn’t it?
Note: if you notice any mixed content warning or page doesn’t load correctly, then install Simple SSL plugin.
Compression is disabled by default, and it’s recommended to enable it. Compressing helps to reduce the overall page size and eventually load the page faster.
- To enable, go to performance tab >> compression and select enable >> save
Made some changes and don’t see the results? Don’t worry; you can clear the cache whenever you want.
There are two ways:
- A clear cache by file – provide the absolute path
- The entire site – clear cache for the whole site
It’s doable by going to the “Performance” tab.
Go to the report tab to see the site analytics, such as:
- Blocked attacks by type
- Visitors by browser, device
- Requests served by response codes, HTTP protocol version
- Caching status
- Traffic by country, hourly
There are many other options which you can play around with.
Now, let’s see how much time it takes to load the page.
In less than one second, amazing!
SUCURI looks promising, and if you are serious about making your site secure and faster, then worth giving a try. They offer 30-days money-back, so go ahead and give a try.