WordPress Backup, Security & Maintenance
Google Analytics Bootcamp June 26 28
The Best WordPress Security Plugin to
Built by the WordPress security experts
iThemes Security Pro takes the guesswork out of WordPress security. You shouldnt have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.
WordPress Protection with iThemes Security ProYour WordPress website needs a WordPress security strategy that includes a trusted WordPress security plugin like iThemes Security Pro. WordPress currently powers over 25% of all websites, so it has become an easy target for hackers with malicious intent.Make sure your WordPress website is secure and protected with iThemes Security Pro. iThemes Security Pro works to fix common WordPress security issues you may not know exist. By adding an extra layer of protection, iThemes Security Pro helps give you peace of mindand keeps the bad guys out.
Limit the number of failed login attempts allowed per user withWordPress brute force protection. If someone is trying to guess your password, theyll get locked out after a few attempts.
If someone manages to get into your site, theyll probably add, remove or change a file. Get email alerts showing any recent file changes so you know if youve been hacked.
If a bot is scanning your site for vulnerabilities, it will generate a lot of 404 errors. iThemes Security will lock out that IP after the limit you set (20 errors in 5 minutes by default).
Set which level of users on your site (admins, editors, users, etc.) need to have strong passwords. Strong password enforcement is one of the best ways tolock down WordPress.
Keep bad users away from your site if they have too many failed login attempts, if they generate too many 404 errors, or if theyre on a bot blacklist.
Not making changes to your site 24 hours a day?Harden WordPressby making the WordPress dashboard inaccessible during specific hours so no one else can sneak in and attempt to make changes.
Change the default URL of your WordPress login area so attackers wont know where to look. This feature is also great to help clients remember their login link.
Schedule database backups and have them emailed to you. Or you can get ourWordPress backup pluginto step up your backup game. Make complete backups and send them to off-site storage destinations.
Get email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed.
See all 30+ ways iThemes Security protects your site
30+ WordPress Security features in one WordPress Security plugin
One-click Secure Site WordPress security check
Block specific IP addresses and user agents from accessing the site
Remove Windows Live Write header information
Remove update notifications from specific user roles
Change WordPress database table prefix
Force SSL for any post, page, or admin page
Turn off file editing in WordPress admin
Email Notifications & Digest Emails
WordPress Core Online File Comparison
WordPress Two-Factor Authentication
Extra protection for WordPress User Logins
With iThemes Security ProsWordPress two-factor authentication, users are required to enter both a password AND a secondary code sent to a mobile device such as a smartphone or tablet. Both the password and the code are required to successfully log in to a user account. Two-factor authentication adds an extra layer of WordPress security to verify its actually you logging in and not someone who gained access (or even guessed) your password.
The iThemes Security Pro plugin works with common two-factor authentication mobile apps such as Google Authenticator, Authy, FreeOTP and Toopher.
Time-sensitive codes are supplied via email to the email address associated with the users account.
Provides a set of one-time use codes that can be used to login in the event the primary two-factor method is lost.
With just a single click from your WordPress dashboard, you can see an instant WordPress Security Grade Report on the security of your WordPress website. Not only that, you can make the recommended fixes directly from this screen so you can raise your gradeand improve the overall security of your website. iThemes Security takes several factors into consideration when issuing your security grade, including your software and security settings.
Understand the big picture of your WordPress sites security with an overall security grade.
See details on your software and settings along with action items to improve your grade.
Quickly view and resolve security issues in the order that will boost your grade the most.
More features are on the way to help you quickly understand security and resolve any issues.
User-level security is absolutely essential for protecting your WordPress sites. Poor security for just one WordPress user account can open up your entire building, or site, to vulnerabilities that lead to hacks.
Use iThemes Security ProsWordPress User Security Checkto assess the security of all your WordPress user accounts at one time and take action on them if needed.
Poor security for just one WordPress user account can open up your entire building, or site, to vulnerabilities that lead to hacks.
iThemes Security uses Sucuri SiteCheck to power theWordPress malware scanfeature within the plugin. Sucuri SiteCheck uses a 10-point site check to scan your site for known malware, blacklist status, website errors and out-of-date software. With iThemes Security Pro, you can enable daily malware scanning and receive a notification email if a problem is found.
Outdated software whether its WordPress, themes or plugins puts your sites at risk because security vulnerabilities are often well known. iThemes Security Pros new Version Management option can automatically update to new versions of WordPress, themes and plugins, along with increase security measures when a sites software is outdated.
iThemes Security will automatically enable stricter security when an update has not been installed for a month. Additionally, you can also check for other outdated WordPress installs on your hosting account.
Ideal for sites you dont use frequently or sites that dont have complex setups, which are often neglected and have a greater risk of having outdated software.
Passwords are a critical component of a solid WordPress security strategy. iThemes Security Pro makes it easier for you to enforce strong passwords, so you can have greaterWordPress password security.
Use iThemes Security Pros strong password enforcement settings to add a strong password generator to user profiles, enable password expirations and control the minimum user role for strong password roles.
The Magic Links feature allows you to log in while your username is locked out by the Local Brute Force Protection feature.
When your username is locked out, you can request an email with a special login link. Using the emailed link will bypass the username lockout for you while brute force attackers are still locked out.
iThemes Sync offers a way tomanage multiple WordPress sitesfrom one place. Sync is also a secure way to remotely release iThemes Security lockouts and set Away Mode for your site.
iThemes Security Pros Away Mode feature shuts off access to your sites dashboard. With Sync, you can turn Away Mode on or off remotely on any of your sites running iThemes Security Pro.
Using Sync, you can see the IP addresses for any locked out users. To release lockouts, just click the Release button. All without every having to log into your site.
Includes best-seller BackupBuddy, Exchange Pro Pack, the DisplayBuddy series and more!
Get all the essential WordPress tools & resources to run your website
Unlimited site licenses for BackupBuddy
+ Everything we make at iThemes in one bundle, for one low price.
News & updates from our team of WordPress security experts
New! Protect WordPress from Compromised Passwords with iThemes Security Pro
Hows Your WordPress Password Strength? Take This Quiz
Understanding Your WordPress Security Grade Report
Read more posts about WordPress Security
How do I upgrade from the free version of iThemes Security to iThemes Security Pro?
After your purchase, youll receive an email with instructions on how to download iThemes Security Pro. To preserve your current settings deactivate the free version on your WordPress site, then install Pro. Activate the pro version and delete the Free version.
Why does iThemes Security require the latest WordPress version? Cant I use a slightly older version?
One of the best security practices for a WordPress site owner is keeping software up to date. Because of this, we only test this plugin on the latest stable version of WordPress and will only guarantee it works in the latest version.
Can a WordPress security plugin completely stop all attacks on my site?
No. iThemes Security is designed to help improve the security of your WordPress installation from many common attack methods, but it cannot prevent every possible attack. Nothing replaces diligence and good practice. This plugin makes it a little easier for you to apply both.
Is Security Check feature good enough protection?
TheSecurity Checkfeature is designed to help save you time and ensure your site is using the recommended security settings. After enabling this you should review all other features for further protection.
Is this plugin only for new WordPress installs or can I use it on existing sites, too?
Many of the changes made by this plugin are complex and can break existing sites. While iThemes Security can be installed on either a new or existing site, we strongly recommend making acomplete backupof your existing site before applying any features included in this plugin.
Will this work on all servers and hosts?
iThemes Security requires Apache or LiteSpeed and mod_rewrite or NGINX to work. While this security plugin should work on all hosts with Apache or LiteSpeed and mod_rewrite or NGINX, it has been known to experience problems in shared hosting environments where it runs out of resources such as available CPU or RAM. For this reason, it is extremely important that you make a backup of your site before installing on any existing site. If you run out of resources during an operation such as renaming your database table, you may need your backup to be able to restore access to your site.Finally, please make sure you have adequate RAM if you plan to use the file change detector or make large backups.
Does this work with network or multisite installations?
Yes. Were in the process of developing more documentation, so well update this as soon as its ready.
Of course! We are in constant need of testers. In addition, we can always use help with translations for internationalization.For more information on contributing to iThemes Security, visit this page.
What changes does this plugin make that can break my site?
iThemes Security makes significant changes to your database and other site files which can be problematic for existing WordPress sites. Again, we strongly recommended making a complete backup of your site before using this plugin. While problems are rare, most support requests involve the failure to make a proper backup before installation. DISCLAIMER: Under no circumstances do we release this plugin with any warranty, implied or otherwise. We cannot be held responsible for any damage that might arise from the use of this plugin.Note that renaming the wp-content directory will not update the path in existing content. Use this feature only on new sites or in a situation where you can easily update all existing links. For more information, visitFixing iThemes Security LockoutsandWhat is Changed By iThemes Security
Where can I get help if something goes wrong?
Official support for this plugin is available foriThemes Security Procustomers. Our team of experts is ready to help. To access support, please visit theiThemes Member Panelto create a support ticket.
Get updates on new themes & plugins plus special discounts
iThemes Media LLC Copyright © 2018 All rights reserved
Save 50% OFF BackupBuddy Gold through July 31, 2018Get the coupon