Categories: Hosting News

SG Site Scanner powered by Sucuri

Having a website regularly scanned for security issues, is something we have always highly recommended to our customers. Our site scanning service (known as HackAlert until recently) has always been among the bestsellers and is used by thousands of our customers to check their websites and inform them in case of a malware. Today we are happy to announce that we have introduced a number of improvements to this services. It is now called SG Site Scanner, it is powered by one of the most prominent web security experts - Sucuri.net, and it is simply awesome!

Why Sucuri?

There are several reasons to change our scan partner from Armorize to Sucuri. First, Sucuri is one of the most respected companies in the website security field. In addition, we have been working in partnership with them for several years. We have relied on their expertise for solving numerous complex security issues. And last, but not least, many of our clients’ websites have also been cleaned by Sucuri from malicious code over the years. That is why it was only natural that we extend this already successful partnership and make it cover the daily site scans too.

What is so good about SG Site Scanner?

More efficient scanning and reporting

We now scan all the pages that are linked on your website homepage (or any other page of your choice) on a daily basis. This has proven to work more efficiently than the previous system of scanning a limited number of 10 random pages. If any issue is detected the site owner immediately receives a notification email.

More convenient interface

The SG Site Scanner report page is part of your SiteGround Customer Area now. It is no longer needed to log into another interface to access information on the security status of your site. In case of an issue all infected URLs and/or blacklists are conveniently listed in the interface. It also allows you to push an unscheduled scan with a click and you can easily switch on and off the weekly email status reports.

If you already have HackAlert, no action is required on your part -- it has already been replaced with the SG Site Scanner. You can learn more how to use it in our SG Site Scanner tutorial. If you are still not using any regular scanning service we strongly recommend that you start today. You can order the SG Site Scanner for any domain of your choice in your Customer Area.

Lilyana Yakimova: I have been with SiteGround since it was born and it has always amazed me to watch this company grow and develop its unique personality. My rewarding and challenging job is to help SiteGround communicate its strengths in the best way possible, learn from its mistakes and become a better person, oops, I meant a better brand!

View Comments

  • This is great news! So do we get the full Website Firewall and Antivirus products offered by Sucuri? Or is it just a daily scan?

    • Just the malware scanning service. If you want to use their CDN and firewall, you need to get it directly from Sucuri.

    • The SG Site Scanner is a remote type of service that looks for issues detectable in a browser like malware, defacement, redirects, pharma hacks, etc. It crawls the web pages linked from your homepage daily looking for such issues. It does not include server side scanning for malicious files that does not manifest in the browser like mailer scripts or other issues with the code. The scanner is perfectly compatible with WordPress sites.

  • I have a couple of questions.

    Does the service come with a site seal showing a site is being scanned daily, and that it is clean? Also, how would it work for wildcard domains? Do we need to purchase a separate service for each sub-domain?

    • SG Site Scanner does not come with a site seal and there is no mark that your website is being scanned. Also for each separate subdomain a new SG Site Scanner should be purchased.

  • Hi,

    Alongside "SG Site Scanner" HackAlert still seems to be running. I got its weekly report too. Why so?

    Quote: "We now scan all the pages that are linked on your website homepage (or any other page of your choice) on a daily basis."
    Where can I configure "the page of my choice"? Are there any configuration options at all? If so, where? Also, can we get a detailed report of the pages scanned?

    No more optional daily reports? Only weekly? We needed the daily report so that we could test our email filters, because reports are only sent to one email address, but we need to forward the report to some other address. With only a weekly report, it is much harder to test our forwarding setup.

    In terms of configuration and transparency SG Site Scanner is worse than HackAlert. SG Site Scanner is a lot more like a black box.

    • As to your first question, that would be the last email you get from HackAlert. Both were operational for a short period of time but now only the new service runs on our servers. SG Site Scanner goes through all indexable urls, I am afraid that at this point you can't se manually which pages to be scanned. As to your last question, I am afraid that at this point we send only weekly reports. However, we will consider the option to add functionality for daily scans. We want to make the tool as simple as possible and to work right away without you having to configure it. That's why it doesn't have as many configurations as the HackAlert. As a service, however, it's really way better.

      • Thank you for you answers, Hristo! If would be great if you guys could implement the configuration features similar to HackAlert. Of course, configuration could be completely optional, with defaults already applied.

        "As a service, however, it's really way better." I do believe it, however, it would be nice to see how well the scanner handles all the crosslinks and "all the pages that are linked on your website homepage".

  • Great news!

    I would like to buy the Securi Firewall Pack for my website. Do you have any dedicated discount for us (your customers)?

    Thanks in advance!

    • At this point we don't have a special discount for the the full package but that's definitely something we will do our best to get soon.

  • Sucuri is not only just for WordPress based sites, they also supports sites which are running on Drupal, PHP, .NET, Joomla and even HTML. So no matter which format your website is up on, Sucuri will make sure they are not infected.

    • The SG Site Scanner works for any type of site, while the Sucuri plugin is WordPress specific. This means that if you start your website with Weebly today, and later decide to move to WordPress, and a year from now you go on something completely custom, the scan will continue to work without any action needed on your side, as long as you use the same domain for your site. Additionally, with the SG Site Scanner you do not need to install, update or configure any plugin or other software in order to get daily checks and the associated notifications. As a whole SG SiteScanner is a more simple and at the same time more universal click and go solution, while the Sucuri plugin has a much more complicated interface that provides different WordPress specific options apart from the remote scanning and blacklist monitoring.

      • But wouldn't a combination of both be the best? I mean the free plugin does not do any automated site scans while the site scanner checks the site on a daily basis. Or did I misunderstand something?

        • Both should work great - scans from the service and the rest from the plugin. It really depends on your preferences.

      • Sooooo......it is really no different (for a WordPress site) than the Sucuri free plugin. Is that correct? And in fact, it sounds like the free sucuri plugin actually has more options in addition to doing the same thing your solution does. So for someone like me, a web developer, it sounds like my best option is the free plugin. Would you agree?

        • Yes, I would agree that for a more advanced developer, who manages WordPress sites only, the plugin may be a better match.

  • When I received the email about this change, it was literally 2 days after I read a blog from a developer who claimed that website scanning did not help her clean her website. The only thing that worked was Sucuri.
    I've had many web hosting services before, Siteground is by far the best experience so far. Sucuri for site scanning further confirms that this was the best decision ever.

  • I heard sucuri announced partner program recently. Will siteground ever partner up with them for hosting plans like you do with CloudFlare? I would definitely sign up for that.

    • This is not in our immediate plans but if we make something towards that direction we will inform our customers accordingly.

  • Maybe not as part of this feature, but some statistics of how many threats your WAF has blocked would be brilliant.
    I see 2 main benefits of it;
    1) You can visually in numbers prove how well your hosting worth of investment for your customers.
    2) We as customers can use those numbers to show to our clients as well.

    I find such statistics help to explain to clients why they need quality hosting and maintenance.