Need to protect your WordPress site from hackers? Keep your site locked down and secure with the fully-featured iThemes Security plugin. In our iThemes Security review, you’ll find out how it protects your site from all kinds of security threats, from brute force login attempts to troublesome bots and vulnerabilities.
Why Do You Need a Security Plugin?
It’s true that WordPress is a pretty secure CMS right out of the box. It gets frequent updates to fix any bugs and plug any security holes that arise.
But it’s also one of the most targeted CMSes for hacking, because of its massive popularity.
Despite their best efforts to keep their site safe, most users are not security experts. They may not be aware of security best practices, and unintentionally introduce vulnerabilities by their actions — or lack of action.
Every site is vulnerable. Hackers target all kinds of websites, not just to steal data, but also to spread malicious code to any visitors.
And if your site does get hacked, it can be a huge blow that’s difficult to recover from. Not only do you have to fix your hacked site, but you also have to repair the damage caused to your reputation. Your users may have trouble trusting your site in the future.
How iThemes Security Keeps Your Site Secure
iThemes Security has over 30 ways to keep your site safe and secure from hackers, including:
- Ban the IP addresses of known attackers from logging in to your site
- Lock out users after too many bad login attempts (similar to Login LockDown)
- Scan your site to detect malware and other suspicious code
- Enforce strong passwords for all accounts
- Force SSL for your dashboard or any page or post, as long as your server supports it
- Monitor your files for any unauthorized changes
- Receive email notifications of any suspicious activity on your site
- Obscures and hides important system information about your WordPress installation
- …and more
Lock Down Your Site With iThemes Security Pro
The Pro version of iThemes provides more advanced features and automation to save you time and keep your site even more secure, including:
- 2 Factor Authentication: Set up a mobile app (such as Google Authenticator or Authy) so that only you can log in with your smartphone
- Malware Scan Scheduling: Automatically scan your site for any suspicious code every day
- Password Expirations: Force users to create new passwords after a period of time of your choosing
- Import and Export Security Settings: Quickly set up your other WordPress sites with the same settings
- Customize Login URL: Prevent people from trying to login to your site by customizing your dashboard login URL
How to Set Up iThemes Security On Your Site
Important: Before installing this plugin and activating any of its security features, be sure to make a complete backup of your site. This is because the plugin makes changes to your database and site files which on rare occasions could cause problems with your site. For instructions on how to backup your site, see How to Create a Complete WordPress Backup for Free with BackWPup.
After installing and activating the plugin, you’ll see a notification to activate iThemes Brute Force Network Protection, which is free. This connects you to the iThemes network, so that known brute force attackers already in their database will be automatically blocked from logging in to your site.
Just fill out your email address to get the free API key.
Now you can navigate to Security » Settings to choose which security options you’d like to enable.
Looking at the settings screen can be a bit overwhelming with all the options available:
But you’ll notice that the recommended options are automatically shown, while more advanced options are hidden.
Each item has a short description of what it does. You can pick and choose which ones you’d like to enable and configure.
The features with an Enable button are easy to set up: just click the button and it’s set.
The features with a Configure Settings button may require you to review settings or fill out a few options to get started. For example, if you click on Banned Users, you can manually enter specific IP addresses to ban:
You can also navigate to Security » Security Check to scan your site.
Support and Documentation
The explanations provided within the plugin dashboard make it clear what each option does. The FAQ on WordPress.org addresses the most common issues and steps you can take to fix the problem. There are also more help articles available on the official iThemes support site.
For the free version of the plugin, community support is available on the WordPress.org support forums, where users are active in helping each other out. Most support threads are resolved quickly.
Pro users have access to official support from the developers.
iThemes Security vs. WordFence Security
Searching for the best security plugin for your website?
You may have also heard about WordFence Security, another popular free security plugin.
After testing both plugins, we found that while WordFence Security may be a good basic security plugin, it puts significant load on your server and has a clunky user interface. (See our full WordFence Security review.)
iThemes Security does have some features which may slow down your site, such as the File Change Detection features. Anything that continually scans your files will take up resources.
However, because iThemes Security is so customizable, you can pick and choose which features to enable. You can avoid ones that may slow down your site, or only run them during low traffic times.
We believe that all WordPress websites can benefit from a security plugin — the only question is which one is best for your site.
iThemes Security is one of the most popular and highly rated security plugins in the WordPress.org directory.
We found iThemes Security plugin easy to use, even if you’re not familiar with security jargon or best practices. It clearly explains each feature on your dashboard. While there are a lot of options, they’re presented in a manner that’s not too overwhelming.
We give iThemes Security 4 out of 5 stars. Here is the breakdown of our review scores: