There can be a lot of features to go through in iThemes Security Pro so we have created some 'Feature Spotlight' articles to give you a more in-depth look at some of the features iThemes Security Pro has to offer in the effort to keep your site secure and running smoothly! Each link below will take you to the Feature Spotlight article and will provide an insight into what each feature is, does, and the benefits of having them applied to your site!
Some features and settings are recommended for every site to run. This tool will ensure that your site is using these recommendations. The features enabled with the Security Check are: Banned Users, Database Backups, Local Brute Force Protection, File Change Detection, Magic Links, Site Scan Scheduling, Network Brute Force Protection, Passwordless Login, Strong Passwords, Two-Factor Authentication, User Logging, WordPress Tweaks
The Away Mode setting will allow you to disable access to the WordPress Dashboard for the specified period. In addition to limiting exposure to attackers, this could also be useful to disable site access based on a schedule for classroom or other reasons.
File Change detection will tell you what files have changed in your WordPress installation alerting you to changes not made by yourself. Unlike other solutions, this plugin will look only at your installation and compare files to the last check instead of comparing them with a remote installation thereby taking into account whether or not you modify the files yourself.
If one had unlimited time and wanted to try an unlimited number of password combinations to get into your site they eventually would, right? This method of attack, known as a brute force attack, is something that WordPress is acutely susceptible to as, by default, the system doesn't care how many attempts a user makes to login. It will always let you try again. Enabling login limits will ban the host user from attempting to login again after the specified bad login threshold has been reached.
Manage and configure Password Requirements for users.
These settings are listed as advanced because they block common forms of attacks but they can also block legitimate plugins and themes that rely on the same techniques. When activating the settings below, we recommend enabling them one by one to test that everything on your site is still working as expected.
As a reminder, some of these settings might conflict with other plugins or themes, so test your site after enabling each setting.
Bypass lockouts using a Magic Link. Enable logging in without a password.
Enabling this feature will allow administrators to temporarily grant extra access to a user of the site for a specified period of time. For example, a contractor can be granted developer access to the site for 24 hours after which his or her status would be automatically revoked.
Protect your site from bots by verifying that the person submitting comments or logging in is indeed human.
See a real-time overview of the security activity on your website with this dynamic dashboard.
Two-Factor Authentication greatly increases the security of your WordPress user account by requiring additional information beyond your username and password in order to log in.
Log user actions such as login, saving content and others.
Trusted Devices identifies the devices users use to login and can apply additional restrictions to unknown devices. By default, users will receive a notification in the admin bar about pending unrecognized devices, but we strongly recommend also enabling the "Unrecognized Login Notification" email in the Notification Center. Trusted Devices also powers the "Remember Device" setting in Two-Factor Authentication.
The iThemes Security Pro Grade Report feature helps you quickly find and resolve security weaknesses on your website by showing you a “grade” based on a number of factors that impact the security of your site.
This site scan is powered by iThemes. We use several data points to check for known malware, blocklist status, website errors and out-of-date software. These data points are not 100% accurate, but we try our best to provide thorough results.
Results of previous scans can be found on the logs page.