iThemes Security Pro’s Version Management module can automatically update to new versions of WordPress, themes and plugins, along with increasing security measures when a site’s software is outdated. Additionally, it can scan for other out of date WordPress sites that may be installed on your hosting account.
Two Ways to Protect Your WordPress Sites
1. Automatic Updates for WordPress, Themes and Plugins
This option is ideal for sites you don’t use or engage with frequently or don’t have complex setups, like brochure sites, which are often neglected and thus have a greater risk of having outdated software.
- WordPress Automatic Updates – All WordPress updates are automatically installed when available. Currently, WordPress does not automatically update for major point releases, so for most default WordPress installs, you’re still required to manually make these updates.
- Plugin Automatic Updates – All plugin updates are automatically installed when available. Use this if you’ve got a set of plugins you trust from reputable sources and aren’t worried about rare compatibility conflicts.
- Theme Automatic Updates – All theme updates are automatically installed when available. Use this if you’ve put your theme customizations in a child theme, so as to not override your customizations by updating the parent theme.
- Granular Control over Plugin and Theme updates - You may have plugins/themes that you'd like to either manually update, or delay the update until the release has had time to prove stable. You can choose Custom for the opportunity to assign each individual plugin or theme to either update immediately (Enable), not update automatically at all (Disable) or update with a delay of a specified amount of days (Delay).
2. Strengthening and Alerting to Critical Issues
- Strengthen Site When Running Outdated Software – iThemes Security will automatically enable stricter security when an update has not been installed for a month. This will harden your website security in a couple of key ways. First, it will force all users that do not have Two-Factor Authentication enabled to provide a login code sent to their email address before logging back in. Second, it will disable the WP File Editor (in order to block people from editing plugin or theme code), XML-RPC pingbacks and block multiple authentication attempts per XML-RPC request (both of which will make XML-RPC stronger against attacks without having to completely turn it off).
- Scan for Other Old WordPress Sites – This will checks for other outdated WordPress installs on your hosting account. A single outdated WordPress site with a vulnerability could allow attackers to compromise all the other sites on the same hosting account.
- Send Email Notifications – An email is sent to admin-level users whenever issues that require user intervention occur.