We recently had someone contact us who was looking for a service that would protect their website from being hacked and clean up the website if it did get hacked. There is what seems to be us to be an obvious issue with that, which is that cleaning up hacks wouldn’t be necessary if the website was being successfully protected from being hacked. It also seems like a bad idea to expect that if a company is providing a service where half of it doesn’t work that the other half will actually work well. When it comes to services that offer both of those things, our experience is that their providers usually are not just bad at both, but don’t even attempt to do the work that would be needed to do them properly.
As a case in point, we were contacted by someone last week that was using Sucuri’s service that provides both of those. The service failed to protect the website from getting infected with malware. Sucuri’s first clean up failed to stop it from getting infected again (or didn’t fully clean it up), which is not all surprising based on lots of previous instances we have been brought in to re-clean things after they failed to even attempt to do things properly.
After the second cleanup the website was broken. Once Sucuri fixed that issue, it was broken in another way, at which point the owner of the website contacted us.
There really isn’t any reason that anyone should be relying on Sucuri at this point (which was equally true years ago as well). They have shown they lack an even basic understanding of security and their own marketing material indicates they are not focused on providing effective protection. They fail to properly deal with hacked websites with even the most serious hacking issues or high profile websites (we were recently hired to re-clean a hacked website they failed to clean, for which the hack was being investigated by the FBI).
A Better Alternative to Sucuri
If you have a website that needs to be cleaned up from malware or another type of hack, we provide a better alternative to using Sucuri, where we actually fully and properly clean up the website.
I am hopeful this comment will help other readers BEFORE they purchase Sucuri. I was happy with StackPath CDN and hadn’t had any problems. I had used Sucuri a long time ago and thought they were ok at that time (around 2012 or so).
I did a site overhaul and thought I would give Sucuri another go and cancel my StackPath account. Stackpath was a little bit more expensive so I figured I’d save a few bucks. Big mistake.
I’m reasonably tech savvy after over a decade of tinkering with websites, hosting accounts, DNS zone editors etc, so I was able to get it sorted without too many issues. I had a question for the guys but was pushed into their ticket system hell. They took their good old time responding, I can tell you that. That really pissed me off.
Long story short, rather than write a play by play of what happened, I have had to deal with them three times through their f*@%ing ticket system. You cannot get a live human being to help you with anything. At all. It’s ticket system or nothing. My ticket with them last night has still gone unanswered 12 hours later. When you post a ticket, you get a computerised “response” which just says it’s been assigned to someone (which it hasn’t. It’s just sitting in a queue). I also read by another user that if you respond before someone has actually responded for real, then your ticket goes to the back of the line. So if you wrote an initial ticket at 10pm and then at 8am the next day, 10 hours later, you write to them asking “hey, has anyone seen my ticket?” then you will go to the back of the queue.
As of this writing, f^@k them, I’m cancelling my account and going to stay with StackPath. Lesson learned. Big mistake.
If you’re looking for an honest, ethical, and helpful company, you aren’t going to find it in Sucuri. Best thing you can do is steer clear and go with another CDN/Security company.
We can’t speak to there CDN, but when it comes security Stackpath, seems to be like Sucuri, providing no evidence that there service provides effective protection, so there really wouldn’t be a good reason to get involved with either one for that purpose.