Login
26 Sep 2023

Sucuri Security and Solid Security Plugins Won’t Stop Websites From Being Hacked

While looking into some information for a post we were preparing recently, we ran across a promoted testimonial for a security provider named MalCare, coming from the person behind WPCrafter, which is marketed as WordPress tutorials for non-techies. The testimonial begins:

I had been running iThemes, WordFence & Sucuri, but they kept getting hacked.

The Sucuri Security and iThemes Security plugins (which is being rebranded as Solid Security) don’t contain a capability to protect websites from being hacked, so it wouldn’t be at all surprising that they wouldn’t stop a website from being hacked. Either the person running WPCrafter shouldn’t be handing out advice or even those that are relatively knowledgeable believe the plugins provide functionality they don’t. The latter would be concerning, considering those two plugins both have 900,000+ active installations according to WordPress.org data. So a lot of websites could be relying on protection that doesn’t exist.

Wordfence Security does have a capability to protect websites from being hacked, but even with what it could provide protection for, it often doesn’t. There are other things it couldn’t protect against, despite the developer marketing it otherwise.

As we noted in another post this week, MalCare’s own marketing suggests those using their service are not being protected from being hacked either.

For those looking for a WordPress security plugin that will provide real protection, they can take a look at the results of the testing we do to see if those plugins protect against real vulnerabilities in other plugins.

The other issue with that line from the testimonial is that even if you are not using a security plugin, the website shouldn’t keep getting hacked. For that to be occurring, there must be an unresolved security issue that has been exploited multiple times. In that situation, the best solution is to figure out what is going wrong and get that fixed, instead of trying to block attacks that would otherwise be successful.

No related posts.

Plugin Security Scorecard Grade for Solid Security

Checked on January 29, 2025
F

See issues causing the plugin to get less than A+ grade

Plugin Security Scorecard Grade for Sucuri Security

Checked on November 12, 2024
C

See issues causing the plugin to get less than A+ grade

Leave a Reply

Your email address will not be published. Required fields are marked *