Menu
iThemes
WordPress Backup, Security & Maintenance
  • Products
    • iThemes Security Pro
    • BackupBuddy
    • Kadence WP
    • Restrict Content Pro
    • iThemes Sync
    • Why buy from iThemes?
  • Bundles
    • Essentials Bundle
    • Plugin Suite
    • WordPress Web Designer’s Toolkit
    • Customer Spotlights
  • Resources
    • Blog
    • WordPress 101 Tutorials
    • WordPress Ebooks
    • Weekly WordPress Vulnerability Report
    • The Ultimate Guide to Starting a Web Design Business
  • Training
    • Upcoming Webinars
    • Free Webinar Library
    • Premium Courses
    • Become a Member
    • Member Login
  • Support
    • Documentation
    • Get Help
    • Product Updates
    • Upgrade Policy
    • Contact
    • Our Mission: Make People’s Lives Awesome
  • Log In
WordPress News and Updates from iThemes
Categories
  • Product Updates
  • WordPress Backup
  • WordPress Block Editor
  • WordPress Ecommerce
  • WordPress for Freelancers
  • WordPress Security
  • WordPress Tutorials
  • WPprosper

New WordPress User Security Check Helps You Review, Take Action on User Security

Written by Cory Miller on August 9, 2016

Last Updated on October 24, 2016

One of the key ways hackers (or bots) use to hack your WordPress site is through your site’s WordPress User accounts.

If you think about your site, for a second, like a physical building, whether your home or an office, every user is a door into that building.

wordpress user security

Poor security for just one user account can open up your entire building, or site, to vulnerabilities that lead to hacks.

For example, let’s say your site has 5 Admin users all using strong passwords (like 50-characters or more) and two-factor authentication for their secondary layer of protection to entry into the site. But ONE user has a weak password that has likely been published online (i.e. “password” or “pass1234”), or if their user account has sat dormant for months, giving hackers or bots enough time to potentially break their password, then the entire building, or site, is vulnerable by that one account.

Good user-level security best practices are absolutely essential for protecting your WordPress sites.

Today, with iThemes Security Pro v. 2.8.0+, we’ve made it super easy for you to assess the security of all your WordPress user accounts at one time and take action on them if needed with a new feature called WordPress User Security Check.

WordPress User Security Check helps you see all your Users in one place, make quick assessments and take key, critical actions

With WordPress User Security Check, you can:

  • Know which accounts have Two-Factor Authentication enabled or not — WordPress two-factor authentication is one of the best ways to lockdown your user accounts.
  • See when Users were Last Active — get a quick view of dormant accounts, for say, that contract developer you needed to give access to your site for a time, but now is irrelevant
  • See sessions of who’s logged in — and be able to log them out instantly, everywhere. Maybe a user logged in from a library, hotel or a conference setting and you can’t find that laptop or simply want to wipe the slate clean and have everyone log back in. Having a logged in session that isn’t currently attended is like having an OPEN door.
  • Change their Roles (and thus Capabilities ) instantly — Admin and Editors roles in WordPress can do a lot of damage to your site. But not every user on your site may need Admin privileges, so you can bump them down quick with one click, and later upgrade them if needed easily, diminishing the opportunity for hacks by those accounts.
  • Delete unused or unneeded user accounts — clear out unneeded and unnecessary user accounts.

All of this helps you lower the potential opportunities for an attack via your WordPress users.

Additionally, we’ll be adding even more useful, actionable information to WordPress User Security Check in the near future like: Listing the “strength” of each user’s password, how long since the password has been changed, reminding users to enable Two-Factor Authentication, and a “health” score for each user.

The security of your WordPress site depends heavily on the security of your site’s users. Make sure you’re doing everything you can to lower those opportunities by using iThemes Security Pro’s new WordPress User Security Check.

Get iThemes Security Pro now

Perform a WordPress User Security Check with iThemes Security Pro

Now, with iThemes Security Pro, you can quickly get an overview of important security info for all the users on your WordPress site. See how your users might be affecting your security and take action when needed.

wordpress user security

Information & Actions Available from the WordPress User Security Check

Column Heading Description + Actions
Username Hover over the username to edit or delete the user.
Two-Factor Lock icons indicate whether or not two-factor has been activated for the user.
Last Active Displays the time the user was last active on the site. This information can indicate if a user has been compromised.
Sessions Shows number of current login locations. Click the button to log the user out of all locations.
Role Change the role of the user. This is helpful if a user has a higher-access role than necessary.

How to Use the WordPress User Security Check

From the WordPress dashboard, navigate to the iThemes Security menu. Open the Settings page.

On the Settings page, navigate to the User Security Check box at the bottom of the page. Click the Configure Settings button.

From here, you’ll be able to see the details of the WordPress User Security Check. View a listing of users, along with more security information such as two-factor authentication status, last active, current sessions and current WordPress user role. As far as actions go, you can delete or edit users, change the role of individual users and log users out directly from this screen.

wordpress user security

Keep Your WordPress Site Secure with WordPress User Security Check, Two-Factor Authentication & More

Add an extra layer of protection to your WordPress site with the iThemes Security Pro plugin. Along with WordPress User Security Check, add two-factor authentication, WordPress security scan, Google reCAPTCHA integration, and much more to your WordPress site.
Check out all the reasons to go Pro here.

All current iThemes Security Pro customers will now find the 2.8.0 update available from the WordPress dashboard (for licensed sites) or as a manual download from the iThemes Member Panel. Save time updating all your sites at once from the iThemes Sync Dashboard.

Get iThemes Security Pro now

Cory Miller
Cory Miller

Founder of iThemes.com

Share via:

  • Facebook
  • Twitter
  • LinkedIn
  • More
Other related posts
WordPress vulnerability report
WordPress Vulnerability Report – June 22, 2022
what-is-a-pharma-hack
What is a WordPress Pharma Hack?
wordpress vulnerability report
WordPress Vulnerability Report – June 15, 2022
clean-up-hacked-wordpress-site
How to Clean a Hacked WordPress Site

Comments

  1. Peter Netz Lassen says:
    February 7, 2018 at 7:28 am

    Hi Lads,

    Didn’t I read something about that ithemes Security now could redirect login page?

    So it’s not the default /wp-admin/ or /wp-login.php ??

    Greetings

    Peter

    Reply

Respond

Click here to cancel reply.

Get updates on new themes & plugins plus special discounts

About iThemes

  • The Team
  • Contact Us
  • Website Accessibility Statement
  • Sitemap

Resources

  • Blog
  • Documentation
  • WordPress Tutorials
  • Free WordPress Ebooks
  • Free Webinar Library
  • Free Upcoming Webinars
  • iThemes Training
  • Affiliates

Customers

  • Member Panel Login
  • Support
  • FAQs
  • Upgrade Policy
  • Licensing
  • Terms and Conditions
  • Refund Policy

Top Products

  • BackupBuddy
  • iThemes Security Pro
  • iThemes Sync
  • Restrict Content Pro
  • WPComplete
  • WordPress Hosting
  • WordPress Plugins
  • Content Upgrades
  • WordPress Landing Page Plugin
  • BackupBuddy Stash

iThemes Media LLC Copyright © 2022 All rights reserved | Privacy Policy

© 2022 All Rights Reserved.

Share via
Facebook
Twitter
LinkedIn
Mix
Email
Print
Copy Link
Powered by Social Snap
Copy link
CopyCopied
Powered by Social Snap