Menu
iThemes
WordPress Backup, Security & Maintenance
  • Products
    • iThemes Security Pro
    • BackupBuddy
    • Kadence WP
    • Restrict Content Pro
    • iThemes Sync
    • Why buy from iThemes?
  • Bundles
    • Essentials Bundle
    • Plugin Suite
    • WordPress Web Designer’s Toolkit
    • Customer Spotlights
  • Resources
    • Blog
    • WordPress 101 Tutorials
    • WordPress Ebooks
    • Weekly WordPress Vulnerability Report
    • The Ultimate Guide to Starting a Web Design Business
  • Training
    • Upcoming Webinars
    • Free Webinar Library
    • Premium Courses
    • Become a Member
    • Member Login
  • Support
    • Documentation
    • Get Help
    • Product Updates
    • Upgrade Policy
    • Contact
    • Our Mission: Make People’s Lives Awesome
  • Log In
WordPress News and Updates from iThemes
Categories
  • Product Updates
  • WordPress Backup
  • WordPress Block Editor
  • WordPress Ecommerce
  • WordPress for Freelancers
  • WordPress Maintenance
  • WordPress Security
  • WordPress Training Webinars
  • WordPress Tutorials
  • WPprosper

New! Introducing Trusted Devices with Session Hijacking Protection in iThemes Security

Written by Kristen Wright on October 3, 2018

Last Updated on November 19, 2018

The latest version of iThemes Security Pro just added another layer of security for your WordPress website. Introducing Trusted Devices, a new way to monitor and identify the devices used to login to WordPress.

By adding security measures for unknown devices, along with Session Hijacking protection, you can lock down your WordPress website and protect it from compromises to user logins.

Current iThemes Security Pro, Plugin Suite & Toolkit customers will find version 5.5.0 of the iThemes Security Pro plugin available as an automatic update from your WordPress dashboard (for licensed sites) or as a manual download from the iThemes Member Panel. Save time updating all your sites at once from the iThemes Sync dashboard.

New! Trusted Devices + Login Alerts

iThemes Security’s new Trusted Devices setting works to identify the devices users use to login to your WordPress site and can apply additional restrictions to unknown devices.

Notice for Unrecognized Devices

After enabling the new Trusted Devices setting, users will receive a notification in the WordPress admin bar about pending unrecognized devices.

Trusted Devices

Optional Email Notification

In addition to the WordPress admin login notice, an Unrecognized Login Notification email (optional, but recommended) can also alert you whenever an unrecognized device has been used to log in.

The Unrecognized Login Notification email is customizable from iThemes Security’s Notification Center. From the settings, you can use the default text or add your own. This email notification also supports basic HTML and email tags.

Restrict Capabilities on Unrecognized Sessions

When a user is logged in on an unrecognized device, you can restrict their administrator-level capabilities to prevent them from editing their login details.

Note: Enabling “Restrict Capabilities” requires the “Unrecognized Login” email notification to be enabled from the Notification Center within the iThemes Security plugin.

New! Session Hijacking Protection

Session hijacking, sometimes called Cookie hijacking, is a strategy used by hackers to take control of your account while you are using it, effectively becoming the owner.

By enabling iThemes Security’s new Session Hijacking Protection in the Trusted Devices setting, you can prevent session hijacking by checking that a user’s device does not change during a session.

If a user’s device changes during a session, iThemes Security will automatically log the user out to prevent any unauthorized activity on the user’s account, such as changing the user’s email address or uploading malicious plugins.

New! Geolocation Accuracy & Static Image Maps

iThemes Security uses geolocation to improve the accuracy of Trusted Device identification. You can use either the free MaxMind database that allows for Geolocation lookups without connecting to an external API or, for the highest degree of accuracy, you can sign up for a MaxMind GeoIP2 Precision: City account. Most users should find the lowest credit amount sufficient.

geolocation map

iThemes Security also utilizes static image maps to display the approximate location of an unrecognized login. We recommend using either the Mapbox or MapQuest APIs. The free plan for both services should be sufficient for most users.

WordPress User Profile with Trusted Devices Info

Once Trusted Devices is enabled within iThemes Security, site admins can manage devices from the WordPress User Profile page. From this screen, site admins can approve or deny devices from the Trusted Devices list.

WordPress user trusted devices

Note: Users can approve or deny devices through the WordPress admin bar notice or via their email notifications. The devices list on the Profile page is intended as a support tool for site administrators if a user locks themselves out accidentally.

Integration with Two-Factor Authentication

Trusted Devices powers iThemes Security’s “Remember Me” setting in Two-Factor Authentication. If the device doesn’t look the same, users are forced to re-enter their two-factor code instead of bypassing it.

remember-two-factor

Note: While remembering devices is convenient, it is more secure to require users to generate a new Two-Factor token every login.

iThemes Security Pro

Secure & Protect Your WordPress with iThemes Security Pro

The new Trusted Devices with Session Hijacking Protection is just another way you can secure and protect your WordPress website. Along with other Pro features such as WordPress two-factor authentication, WordPress malware scan, WordPress brute force protection and more, you can rest a little easier, knowing your website is protected by iThemes Security Pro.

Get iThemes Security Pro

Kristen Wright
Kristen Wright

Kristen has been writing tutorials to help WordPress users since 2011. As marketing director here at iThemes, she’s dedicated to helping you find the best ways to build, manage, and maintain effective WordPress websites. Kristen also enjoys journaling (check out her side project, The Transformation Year!), hiking and camping, step aerobics, cooking, and daily adventures with her family, hoping to live a more present life.

Share via:

  • Facebook
  • Twitter
  • LinkedIn
  • More
Other related posts
wordpress-vulnerability-report
WordPress Vulnerability Report – May 11, 2022
sql-injection
SQL Injection: A Guide for WordPress Users

WordPress Vulnerability Report – May 4, 2022
cross-site scripting WordPress
Cross-Site Scripting: A Guide for WordPress Users

Respond

Click here to cancel reply.

Get updates on new themes & plugins plus special discounts

About iThemes

  • The Team
  • Contact Us
  • Website Accessibility Statement
  • Sitemap

Resources

  • Blog
  • Documentation
  • WordPress Tutorials
  • Free WordPress Ebooks
  • Free Webinar Library
  • Free Upcoming Webinars
  • iThemes Training
  • Affiliates

Customers

  • Member Panel Login
  • Support
  • FAQs
  • Upgrade Policy
  • Licensing
  • Terms and Conditions
  • Refund Policy

Top Products

  • BackupBuddy
  • iThemes Security Pro
  • iThemes Sync
  • Restrict Content Pro
  • WPComplete
  • WordPress Hosting
  • WordPress Plugins
  • Content Upgrades
  • WordPress Landing Page Plugin
  • BackupBuddy Stash

iThemes Media LLC Copyright © 2022 All rights reserved | Privacy Policy

© 2022 All Rights Reserved.

Share via
Facebook
Twitter
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap