If you had a brick-and-mortar store, you’d never leave it unlocked or unattended while someone wasn’t there, would you? Security measures like locks, alarms, and even bodyguards are commonplace for brick-and-mortar stores and when it comes to ecommerce stores it shouldn’t be much different. In this Sucuri review, we’ll explain why.
As an ecommerce store, you might not have an actual store location or on-site physical products to protect, but there are plenty of other important things you do have to protect and unfortunately, there are real threats out there that you could be vulnerable to.
For example:
- DDoS attacks or hacks that take down your website
- Stolen credit card information that puts your customers at risk
- Losing out on sales if customers are redirected to fake shopping carts, not to mention also putting them at risk
- Losing access to your own accounts if login information gets changed by hackers
- Potential to contract malware, spam, or viruses
- Leaks of customer data or sensitive business information
If you think that your ecommerce business is safe from these kinds of threats because you’re not a major player in the ecommerce industry, then think again. Small online businesses are just as vulnerable to online threats and they’re usually not prepared to handle them when they do occur.
As Brian Jackson, the Chief Marketing Officer at Kinsta put it:
Small web stores with few sales aren’t exempt—criminals are opportunists and will target any accessible websites or server resources. It is often easier to hack a thousand small ecommerce websites than it is to hack one large online retailer.
Don’t wait until something happens to take online store security seriously; be proactive instead to prevent anything from happening in the first place. After all, a 2017 study from Ponemon Institute indicates that:
- 57% of consumers lost trust and confidence in an organization after a data breach
- 31% of consumers terminated their relationship with an organization after a data breach
- 75% of executives said that the data breach had an impact on the business’ reputation
You don’t want to be in the position of having to clean up the mess caused by a security breach, so take action to protect your business sooner rather than later. Luckily, there are powerful and effective ways you can protect your online store from potential threats and Sucuri is a great first step to take.
Let’s dive into everything that Sucuri can do for your online business.
What Sucuri Does
Sucuri is one of the top online business security tools in the industry. They fix hacks and prevent attacks so ecommerce merchants can rest easy knowing that their website’s data and customer information is as protected as it possibly can be.
Covering a complete suite of website security capabilities, Sucuri essentially filters out all the bad traffic so as little of it as possible makes its way to your site.
What we love about Sucuri, in particular, is that its firewall works on the DNS level meaning that before someone actually lands on your website, they’re filtered through Sucuri first. Not all firewalls work this way—some only work on-site so the traffic has to get to your site first before the firewall realizes it’s bad. With Sucuri’s firewall, all of your traffic goes to them first so bad traffic doesn’t even get the chance to make it to your site.
That being said, even though traffic to your site is directed to Sucuri first, it actually doesn’t create a bottleneck effect that slows down the traffic getting to your site. In fact, it has the opposite effect. Their firewall includes a Content Delivery Network (CDN) that’s built into their global network of data centers so when you’re using their firewall, your website is using these CDNs all around the world which makes your site load faster no matter where it’s being accessed from.
Not only that, but Sucuri is also unique in what they provide because they can also stop active attacks in their tracks. Brian Jackson, the Chief Marketing Officer at Kinsta (Kinsta Review), detailed in this DDoS Attack Case Study how they stopped an on-going attack simply by enabling Sucuri.
They chose to use Sucuri in that instance because they needed a web application firewall (which they mention in the case study is “almost required to stop DDoS attacks nowadays”) and also because with Sucuri’s $20/month plan they could get advanced DDoS protection, which is what they needed.
Essentially, what Sucuri does is play a role as another member of your team by being your online security specialists. They’re your online store’s personal bodyguards working 24/7, 365 days of the year to keep your store, your data, and your customer’s information safe. Their monitoring system notifies you if your website is ever hacked and their professional security analysts are always available to clean up any attacks for you.
Who Sucuri is For
If your website was hacked tomorrow what would you do?
Do you have a plan in place?
If not, then Sucuri is for you. Sucuri is like a bodyguard for your website and if we’re talking about bodyguards on a spectrum from mall cops to the military, Sucuri is close to the military end of the spectrum. They’re highly trained professionals in online security and they’re constantly updating their knowledge, skills, and strategies in the cybersecurity world to ensure that their services always match up against the current threats surfacing from the online underworld.
Not only that but as an ecommerce merchant specifically, Sucuri is for merchants who want to stay PCI compliant (which should be every merchant). PCI is the acronym for the Payment Card Industry Data Security Standards (PCI-DSS) which are requirements governed by the major credit card companies including Visa, Mastercard, Discover, and American Express to ensure that companies and merchants securely handle cardholder information. Customers of your store depend on you to protect their personal information, and the PCI standards help hold merchants accountable.
There’s a lot that goes into the PCI standards (check out the most current version of PCI DSS: Version 3.2,1 released May 2018 here) but the long and short of it is that if customer information is breached or stolen from a website that you’re responsible for, then you could potentially incur monetary penalties (the average cost of a data breach for a small business is $86,500, with enterprise organizations paying 4 million dollars, on average), and/or lose the privilege to accept payment cards, have to notify the authorities, undergo a mandatory forensic examination (a small business examination may cost between $20K to $50K), and/or be liable for fraud charges and much more. (Source) A website firewall is requirement #1 for PCI compliance, so it’s the best place you can start.
Small merchants are not excluded from these requirements, so it’s no small matter. Take all measures to be PCI compliant, and using Sucuri’s firewall will help you to be compliant by covering many of the PCI requirements by providing a cloud-based firewall, web application firewall, and intrusion detection system for your websites. Learn more about how Sucuri’s web application firewall is PCI compliant here.
Essentially what it comes down to is that Sucuri is ideal for you if you don’t want to be concerned about your website’s security and if you just want the peace of mind that you’re protected with the best online security service in the industry. Sucuri keeps your website safe, protected, and PCI compliant so next time someone asks you what you would do if your website was hacked tomorrow, you can say that you’re covered.
How Sucuri Works
There are essentially two ways that Sucuri works for you: How they prevent future threats from potentially compromising your website and how they handle active threats that are currently compromising your website.
Check out Sucuri’s page on how they clean and protect your website to learn more about what they do and how they do it.
How Sucuri Prevents Future Security Threats
Sucuri’s firewall works on the DNS level and when you set them up on your site, you’ll be pointing all of your traffic to Sucuri first so they can filter it and then send it through to your site. As we mentioned above, this doesn’t affect the flow of your traffic because their global CDN locations ensure that your site still loads quickly no matter where it’s being accessed from.
Another way that Sucuri ensures that they help protect your website from future attacks is that they’re constantly aware of the evolving website security space and are always innovating so that they can stay current with what attackers are doing and how they’re doing it. This means that the service they offer you is always being updated so you won’t be left unprotected due to outdated security methods.
How Sucuri Stops Active Attacks
If you’re site ever does get attacked, you can contact Sucuri and they’ll jump into combat with you within a few hours, if not less, to stop the attack. Even if you weren’t already using Sucuri, you can still reach out to them for immediate help.
And since they’re on top of the game when it comes to emerging security threats, they can often clean up security breaches faster than the competition can.
Why Use Sucuri
Simply put, if you have an online business or website of any kind, you should be using Sucuri to help protect it because it’s one of the top website security services available.
But, there are other great firewall options out there, so why choose Sucuri specifically?
- They’re Experienced: Sucuri is a leading company in the cyber and tech security space and they’ve been specifically involved in the industry for several years. They’re experts, innovators, and researchers and they bring all their knowledge to the service they provide website owners.
- It’s Simple to Use: There’s actually no installation of their firewall required—Sucuri’s firewall is quickly enabled through the Sucuri dashboard and then works at the DNS level. This means you can set it and forget it knowing it’s working for your site as it should be.
- Their Service is Affordable: Not only do they stand strong against the competition with the high quality of service that they provide, but also at the price point they provide it at. For the level of service they offer, their prices are comparatively fair.
- Remote & Server-Side Monitoring: When remote and server-side monitoring is set up, Sucuri can scan your website both externally and internally for indications of compromises.
- Cloud-Based Web Application Firewall: This is a high-quality firewall that acts as a protective layer between your server and your visitor’s browser so you have the best chance at mitigating threats before they can even access your website.
- Global CDN Built-In: They offer a CDN built into their global data centers which is automatically enabled (however, you can use your own CDN if you wish) so your website loads faster all around the world.
- Works on Any Website: No matter whether your site is hosted on ecommerce platforms like Shopify or BigCommerce or self-hosted on open source platforms like WordPress, you can use Sucuri.
- Alerts & Reports: Be kept in-the-know with alerts when compromises are found and reports to keep you informed. Sucuri makes sure that you always know what’s going on with your website.
- Fast Response Time: The Sucuri team is available 24/7, 365 days per year and offer speedy response times so you’re covered no matter when or if disaster strikes.
Sucuri’s Features & Services
There are a few different ways that Sucuri helps to protect your website, check out the following for a breakdown of them.
Web Application Firewall (WAF) Protection
This is Sucuri’s main security feature and the high-quality firewall that they’re especially well-known for. One of the main reasons why we use and love their web application firewall as we’ve mentioned already is that it’s a layer of protection that exists before traffic is directed to your website so it catches the bad traffic before it can even land on your site.
It’s a major player in protecting your website from DDoS (distributed denial of service) attacks which aim to take down your website by overwhelming it with traffic. DDoS attacks can happen to any website—large or small—and they can have inconvenient or even devastating effects. As the team over at Kinsta puts it:
One of the frustrating things with these types of attack is generally the attacker doesn’t gain anything and typically nothing is hacked. The big problem with DDoS attacks is with the overwhelming load associated with it. Most likely you will also see your bandwidth spike to an incredible amount, and this could cost you hundreds or even thousands of dollars. If you are on a cheaper or shared host, this can easily result in a suspension of your account.
So protecting yourself against DDoS attacks with a web application firewall like Sucuri’s has a knock-on effect that helps you maintain your normal website traffic levels, search engine rankings, website uptime, and the integrity of your hosting account.
Sucuri’s web application firewall also safeguards your website from malware like malicious code, brute force attacks from automated hacking tools, and traffic from bots. Protection against all of these potential threats ensures that your website is running smoothly, your bandwidth doesn’t get compromised, your sensitive data is safe and your site isn’t abused.
Monitoring
Sucuri offers several different alerts and monitoring options so you’re always in-the-know when it comes to the potential threats your website might experience. These include:
- DNS Monitoring: Sucuri’s scanners detect changes to your website’s domain name system (DNS) settings and alert you if changes are made.
- SSL Certificate Monitoring: If changes are made to your website’s SSL certificate (HTTPS) you will immediately receive an alert so that you can take action.
- Website Uptime Monitoring: Websites can go down and it’s critical that you know if yours does so you can take action to remedy it. Sucuri will alert you instantly if your website goes down.
Sucuri also scans your website for malware, blacklist status, SEO spam and hacks to monitor the health of your website from the inside out. This way, you’ll be informed of anything strange on-site so it can be handled.
Incident Response
Sucuri prides themselves on their incident response time and even offer a 30-day money-back guarantee if you’re not satisfied because they know they can get the job done right.
In the event of an attack, their goal is to repair and restore your website before it damages your brand’s reputation. Having Sucuri’s experts on your side can make the recovery process of an attack go much more smoothly and can also relieve much of the frustration. If an attack is going to happen—and there’s always a chance, no matter how small—you certainly want Sucuri’s team on your side to fix it.
Performance Boost
Perhaps one of the most advantageous aspects of using Sucuri—and one that we certainly enjoy the benefits of—is that using their firewall protection doesn’t make your site run slower; it makes it faster! This means that you don’t have to compromise on security or speed because, with Sucuri, you get both!
Content Delivery Networks (CDNs) are an essential part of any website that wants to offer a top-quality experience for their visitors, and since Sucuri’s CDNs are located around the world, they ensure that your website loads quickly all around the globe.
Having a fast-loading website also has a knock-on effect which impacts your website’s search engine optimization (SEO) and search engine ranking positions (SERPs). When your website loads quicker, visitors are less likely to click away which indicates to search engines like Google that your website is useful and that they should recommend it more often. This could mean that your website is suggested in higher ranking positions which means more traffic gets directed to your store! So not only will your website visitors enjoy your fast-loading site but Google will likely reward you for it as well.
Backups
Finally, one of Sucuri’s best features is that they perform backups. This means that if your website is impacted by an attack, goes down, edits aren’t saved properly or malicious changes are made, you can restore your site to its former glory quickly and easily.
Sucuri lets you set the frequency of how often backups are made (daily, weekly or monthly) and you can also schedule them to happen at a certain time of day, which is especially useful if you want to reduce server load. In addition, you have the option to be notified every time a backup is successful or only when there’s an issue. Also, only your freshest backups are kept so you get 90 days of your site’s history which you can roll back to if you want to restore a backup.
Sucuri’s Pros & Cons
There are plenty of great advantages to using Sucuri and not many disadvantages. Remember, you can never have too much security protecting your website—especially if it’s your livelihood—so it should be high up on your priority list.
Pros
- Sucuri doesn’t cause performance issues on your site, in fact, it helps to make it run faster
- They offer thorough on-site monitoring
- Their firewall runs on the DNS level so bad traffic is diverted before it gets a chance to land on your site
- Sucuri provides you with real-time alerts and reports so you’re notified as soon as there’s something important
- They offer automated or scheduled backups of your website
- Sucuri works on any website, hosted or self-hosted
- Set it and forget it—Sucuri runs effortlessly in the background
- Using Sucuri helps keep you PCI compliant
- It’s built for small businesses, enterprise organizations & web professionals alike
- They’re innovative and stay up-to-date with the latest in cybersecurity so your Sucuri protection constantly evolves with the times
Cons
- Not all features are offered on all pricing plans (although most are) and which pricing tier you’re on can indicate the frequency with which some features perform, so that’s something to bear in mind
Sucuri’s Pricing
Protecting your online store with the right tools to do the job effectively is virtually priceless. Think about how much it could cost you in sales if a DDoS attack shut down your site, or how much would it cost you in revenue if you lost customers due to a data breach, or how much it would cost you in fines if you were found to not be PCI compliant.
While the cost of an added security tool like Sucuri might seem like just another bill to pay, if you think about it from the perspective of how much it protects your business from potential disasters, it really isn’t something you should have to think twice about. Top-notch protection for your online store should be a top priority at all times.
That said, following are the price points you can expect to pay to use Sucuri’s services and a basic list of the features each plan provides.
Note: You can access just the Sucuri firewall for $19.98/month and get all the protection that their firewall offers without other additional features such as instant alerts, integrity and uptime monitoring, critical malware and blacklist detection, and unlimited hack cleanup like you do through the Basic, Pro, and Business plans.
- Basic: $199/year
- Malware & Hack Scan Frequency: 12 hours
- Malware Removal & Hack Cleanup
- Brand Reputation & Blacklist Monitoring
- Stop Hacks (Virtual Patching/Hardening)
- Advanced DDoS Mitigation
- CDN Performance
- Firewall—HTTPS & PCI Compliant
- Customer Support
- 30-Day Money-Back Guarantee
- Pro: $299/year
- Everything in the Basic plan, plus:
- Malware & Hack Scan Frequency: 6 hours
- SSL Certificate Support
- Business: $499/year
- Everything in the Pro plan, plus:
- Malware & Hack Scan Frequency: 30 minutes
- Malware Removal SLA: 6 hours
For a more in-depth list of features at each price point, check out the Sucuri pricing page.
Conclusion
When it comes to online security, there’s always a risk that you’ll be the target of potential cybersecurity threats, however, that doesn’t mean that you shouldn’t take every possible measure to protect yourself. Now that you’re through this Sucuri review, we hope you can see the value that a service like Sucuri can bring to your website. It’s such an easy yet powerful tool to add to your store and offers so much value, so adding it to your website should be a no-brainer. Don’t wait for an attack or a threat to happen—take steps to protect your website before it does.