In this article you can learn more about:
- Sucuri for WordPress
- Configure Security Notifications
This article describes the Sucuri plugin for WordPress and how it may be used to add security to your website. It also explains the various security alerts settings.
NOTICE: Sucuri for WordPress is just one way to secure your website’s data. Check out the many features WordPress Hosting by InMotion Hosting includes supplementing security for your website.
Sucuri for WordPress
The Sucuri plugin adds a layer of security to your WordPress website. It is versatile yet easy to learn and use. It is easily installed using the WordPress Dashboard. Add this plugin then you can configure it to detect malicious activity on your website. You can also configure alerts to notify you of unauthorized changes.
“The sooner you are aware of security vulnerabilities, the quicker you can mitigate them.”
Continue reading to learn more about configuring the Sucuri plugin for WordPress.
Configure Security Notifications
This section will describe the various settings that can be modified in the Alerts tab of the settings in the Sucuri plugin for WordPress. To find these settings, follow the steps below.
- Log into your WordPress Administrative Dashboard.
- Click on Sucuri Security from the left side.
- Click on Settings from the upper right.
- Click on the Alerts tab.
Now, you know how to navigate to Sucuri’s alerts settings. Read on to learn about each of the settings on this page.
Here, you can specify which email address(es) receive the alerts. Out of the box, Sucuri will send alerts to the administrative email address (configured as the administrative user’s email address when you initially installed WordPress).
- To add an email address: Enter your desired email address into the field labeled E-MAIL. Then, click Submit.
- To remove an email address: Click on the checkbox to the left of each email address you want to remove. Then, click Delete.
Trusted IP Addresses
To prevent excessive/unnecessary alerts add IP addresses for Sucuri to trust. Sucuri will not send alerts about activity generated from trusted IP addresses.
- To add an IP address: Enter the IP address into the field labeled IP ADDRESS. Then, click Submit.
NOTE: You may add a block of IPs using the CIDR format to specify the range.
- To remove an IP address: Click on the checkbox to the left of each IP address you want to remove. Then, click Delete.
This setting allows you to configure the format of the subject line for email alerts. Refer to the table below to learn the pseudo-tags you can use to customize the format.
|:domain||The domain that triggered the alert|
|:event||The activity that triggered the alert|
|:remoteaddr||The IP address that triggered the alert|
|:username||The username that triggered the alert|
|The email address that triggered the alert|
|:hostname||The server’s name that triggered the alert|
- To make your selection: Click on the radio button to the left of the option you would like to set. If you want to customize it, then select the radio button labeled Custom format. Then, type your custom format into the field (using the tags separated by commas). When you are ready to save your selection, click on Submit.
Alerts Per Hour
Are you tired of receiving so many email alerts? This setting allows you to configure an hourly limit for email alerts. If the amount of activity exceeds the hourly alert limit, Sucuri refrains from sending the alert. However, Sucuri still logs the activity.
- To set a limit: From the drop-down menu labeled MAXIMUM ALERTS PER HOUR, select the desired maximum number of email alerts to receive each hour. Then, click Submit.
Password Guessing Brute Force Attacks
To protect yourself against a brute force attack you can select the hourly rate limit for login attempts. Once the limit is exceeded, Sucuri identifies the activity as a brute force attack.
- To set a limit: From the drop-down menu labeled CONSIDER BRUTE-FORCE ATTACK AFTER, select the desired number of failed login attempts each hour. Then, click Submit.
This section of the alerts settings allows you to select the events that will trigger sending an email alert. Alerts with a checkmark are enabled.
- To select security alerts: Click to place a checkmark in the checkbox next to the alerts you would like to enable. Then click the Submit button.