Sucuri could provide help for specific security alerts in-line instead of requiring users to search for it in the help section. Users get errors or EBAs, and if they want to read about it, they need to find it in the help section of the site. It would be more helpful to allow users to see more information and tips immediately from within the alert.

One area where they could improve is in providing real-time support options because now you need to open a support ticket and wait for their response. It would greatly benefit customers if they implemented an online chat or messaging system for quicker assistance. I have found their Content Delivery Network service to be lacking in quality, and it could certainly be enhanced to provide better performance. I would also like to see improvements in the deployment process, as it currently takes more time than desirable. Another significant concern is that their service when your website is down, turns it into a static site. This means that if customers try to visit your site during downtime, they will see old content from the static site, which is not ideal. The CDN and tracking services are areas that need improvement, as well as addressing their bandwidth limitations.

The main improvement I would like to see is support for .NET applications. If they could include this feature, I would include more sites in the protection.

In future releases, perhaps Sucuri could include a PCI test for our site or some ethical hacking features. More advanced features than what I have paid for would be wonderful.

In terms of improvement, the cost factor is always there.

• Confident score: Currently it does not have one and there are cases that most websites flagged are false-positives. Since they don’t have it, then we end up manually reassessing the website. It would be good if they had it so we could tweak our system to only accept certain detections based on some confident score/level.
• They constantly release blogs on a certain vulnerability. This is useful to keep us updated on the latest threats. However, it would be more useful if they would be able to map/tag detections from their Network API with those threats/vulnerabilities that they have blogged.  For example, they blogged about a Joomla! core exploit and they have identified the suspicious codes i.e., $var=xyz. It would be great if their network API scanner could tag/map domains with similar code, such as“joomla-exploit-1”. In that way, network API users who keep the scan results in the database can simply search for those with “joomla-exploit-1” and then they could determine, straightaway, the affected domains.

I'm not sure if Sucuri also provides DDoS protection services but it would be good if they did.