If you are like me, you’ve got a ton of different WordPress sites that you manage, use, create and interact with throughout the week. You care about making sure you’re locking down WordPress, but you only visit some of these sites once a week or so to publish a blog post or edit some content.
Can a WordPress Security Plugin Help with Locking Down WordPress?
A security plugin can definitely help with hardening WordPress, but if you use a plugin that alerts you whenever a user or IP address is locked out due to failed login attempts, these notifications might become overwhelming over time.
Again, these sites may only have one user that logs into the site to edit and post content. These are sites you only visit periodically and thus when security alerts happen you are pulled away from whatever you are doing to deal with issues you shouldn’t have to deal with.
Locking Down WordPress with Away Mode
Here is where a hidden gem of the WordPress security plugin, iThemes Security, comes into play.
One of the best WordPress security settings options in the plugin (even in the free version of iThemes Security) is Away Mode, which allows you to lock down WordPress.
What is Away Mode?
The Away Mode setting in iThemes Security grants WordPress administrators the ability to turn off access to the backend (i.e login area) of WordPress.
Here’s an example of what the Away Mode setting in the iThemes Security plugin looks like in your WordPress dashboard:
With Away Mode, you can set a daily restriction that turns on at a specified time and then turns off at a specified time.
You can also set a one time “vacation” setting that can span multiple days. This can be a site saver because if you are the only person who should be accessing the login areas of WordPress, why should you be allowing anyone to TRY to login while you are sleeping, or while you are on a cruise ship away from access to your site? Away Mode can shut all this down for you.
And the best part about the Away Mode in iThemes Security is that it doesn’t do anything with the front end access of your site. All your users and visitors will continue to have unrestricted access to read, comment, and interact with your front end portion of your WordPress site.
iThemes Sync Expands the Flexibility of Away Mode
If you use Away Mode in the iThemes Security plugin, you will absolutely want to be also using a WordPress maintenance tool like iThemes Sync as your central control panel (and access panel) for all your WordPress sites.
First, if you didn’t know this yet: iThemes Sync offers secure federated logins that allow an Sync admin user to login as ANY of the users on the site. (Think of it as a globalized User Switching plugin without the need to install any User Switching plugin.). It also allows me to quickly visit any site as a logged in administrator.
These two login capabilities have essentially turned iThemes Sync as my gateway entrance to all my managed WordPress sites.
Gone are the days of me visiting one of my websites, then either finding a “Login” link or typing /wp-admin/ or /wp-login.php at the end of the browser URL. I now access all my sites first through ithemes Sync.
iThemes Sync also provides one more hidden gem that works closely with the above Away Mode feature of iThemes Security. In the Security settings tab of an individual site setting in iThemes Sync you will find an “On/Off” switch for the Away Mode.
This Away Mode setting in iThemes Sync allows me to bypass previously set Away Mode configurations that may be in place on that specific WordPress site. It also allows me to turn on the Away Mode remotely anytime I want to turn it on without have to go set a custom option on that site.
Locking down WordPress by limiting access to the admin area has never been this easy to control and provides a perfect solution for that one-man/woman freelancing person or entrepreneurs who are running and managing multiple WordPress websites themselves.