In the Feature Spotlight posts, we will highlight a feature in the iThemes Security Pro plugin and share a bit about why we developed the feature, who the feature is for, and how to use the feature.
Today we will cover the iThemes Security Check, a way to secure your website with a single click.
Why You Should Use the Security Check for Your Website
The Security Check feature helps save you time by enabling some of the most important security features of the iThemes Security Pro plugin for you. The check also runs some critical audits of your website’s server environment …. all with a click of a mouse.
While the Security Check doesn’t enable all of the recommended website features in iThemes Security Pro, it does provide a great jumping-off point. That said, running the Security Check will secure your website against the vast majority of hacker attacks.
Check out the top 10 things to do after installing iThemes Security Pro.
We will cover all the settings the Security Check enables, but first, let’s learn how to run the check.
How to Use the iThemes Security Check
After installing and activating the iThemes Security Pro plugin, you’ll see a prompt to run the Security Check..
You can also access the Security Check at any time by clicking the Configure Settings button on the security settings’ main page.
To run a new Security Check, click the Run Secure Site Again button.
In the next section, we will talk about what running Security Check actually does to secure and protect your website.
What Does the Security Check Do?
The Security Check audits certain aspects of your server configuration to optimize the protection that iThemes Security Pro provides on your website.The Security Check also audits certain aspects of your server configuration to optimize the protection that iThemes Security Pro provides on your website.
Security Settings Enabled By Security Check
The Security Check won’t create any conflicts on your website. The Security Check only enables the recommended security settings that play nicely in all website environments, including shared hosts with limited resources.
Let’s take a look at the settings that are enabled by the Security Check.
- Local Brute Force Protection – The Local Brute Force Protection feature keeps track of invalid login attempts made by IPs and usernames. Once an attacker has made too many consecutive invalid login attempts, they will get locked out.
- Banned Users – The Banned Users feature keeps track of IP lockouts. Once an IP has become a repeat offender, iThemes Security Pro will add the IP to the Banned Hosts list and prevent the IP from viewing your website, let alone try to login.
- Database Backups – The Database Backups feature creates backups of your site’s database.
- Magic Links – The Magic Links feature allows you to request an email with a unique login link when your username is locked out. Using the emailed link will allow you to bypass the lockout, while the brute force attackers remained locked out.
- Passwordless Login – The Passwordless Login feature is a new way to verify a user’s identity without actually requiring a password to login.
- Site Scan – The Site Scan checks your site for known vulnerabilities and automatically apply a patch if one is available.
- Two-Factor Authentication – Two-Factor Authentication verifies a person’s identity by requiring two separate methods of verification.
- User Logging – The User Logging feature does exactly what you think; it logs user actions such as logging in and saving content.
- WordPress Tweaks – Not all of the WordPress Tweaks options are enabled by the Security Check. Essential security methods like Disabling the File Editor, Blocking Multiple Authentication Attempts per XML-RPC Request, Restricting REST API Access, and Mitigate Attachment File Traversal Attack are enabled.
The Security Check will prompt you to activate your Network Brute Force Protection license. The Brute Force Protection Network helps iThemes Security users protect each other. IPs that get blocked for attacking your website, along with the blocked IP of other websites protected by iThemes Security, will get reported to the Brute Force Network. Once an IP is in the Brute Force Network, they will be blocked from all sites in the network.
2. Server Configuration Check
The Security Check uses proxy detection to help prevent any inadvertent server lockouts by identifying your website’s server and loopback IPs. The Security Check will also verify the remote IPs hitting your website to protect against IP spoofing.
You can choose how iThemes Security identifies IPs in the Global Settings. Choose the Security Check Scan to increase iThemes Security Pro’s ability to accurately identify your server IP and the IPs of bad actors attacking your website.
Incorrectly identifying the IPs of bad actors may lead to attackers bypassing lockouts or bans.
The Security Check… checks to see if your server has an SSL certificate enabled and if your HTTP page requests are being redirected to HTTPs. A page that is loaded using HTTPs protects your visitors with SSL encryption. You force HTTPS redirect from the Security Check menu.
Wrapping Up: Use the iThemes Security Check to Secure Your WordPress Site
With a single click, the Security Check in iThemes Security Pro:
- Adds pro-level protection to your website by enabling critical security settings.
- Identifies the server & loopback IPs to prevent inadvertent lockouts.
- Prevents attackers from spoofing their IPs to bypass lockouts with remote IP identification.
- Redirects HTTP page requests to HTTPS.
- Add your website to iThemes Security Brute Force Network.
Get iThemes Security Pro – On Sale Now for 40% Off!
