In the Feature Spotlight posts, we are going to highlight a feature in iThemes Security Pro and share a bit about why we developed the feature, who the feature is for, and how to use the feature.
Today we are going to cover User Groups, a really cool feature to apply the right amount of security to the right people.
Why we Developed User Groups
WordPress security, by design, affects how people interact with your website. Some security measures add a healthy level of protection by removing some of the website’s convenience. It makes sense to add some friction for site Administrators and require them to use two-factor authentication when logging in. If an attacker were to take control of one of your site’s Admin accounts, they could also take over your website.
Requiring a high level of security for every WordPress user that can make changes to your site is one of the best things you can do to protect your website. However, you probably don’t want to require the same level of security for your site’s customers and subscribers. While you probably should give your customers options like two-factor authentication to protect their accounts, you may not want to force it on them.
iThemes Security Pro not only provides the tools you need to protect your website from attack, but it also includes data on the health of your site’s security. The data is displayed in the form of security notifications, logs, and even a security grade. All this information is invaluable to the person managing the website’s security. However, the data can create an unnecessary concern to those that don’t understand the difference between notification letting you know an attack was stopped and from one letting you know the site was infected with malware.
With the sensitive data and all of the different settings in iThemes Security Pro that protect but change how people interact with your website, wouldn’t it be great to manage all of this from a single location?
What Are User Groups
Users Groups module in iThemes Security Pro allows you to quickly see which settings that can affect the user experience are enabled and make modifications to them from a single location.
To make it easier to manage the user security on your site, iThemes Security Pro sorts all of your users into different groups. By default, your users will be grouped by their WordPress capabilities. Sorting by WordPress capabilities allows for easy combining of WordPress and custom user roles into the same group. For example, if you are running a WooCommerce site, your site Administrators and Shop Managers will be in the Admin User Group, and your Subscribers and Customers will be in the Subscriber User Group.
In the User Groups settings, you will see all your user groups and all of the security settings that are enabled for each group, and quickly toggle the settings on and off. User Group gives you the confidence you are applying the right level of security to the right users.
How to Use User Groups in iThemes Security Pro
In the iThemes Security Pro settings, click the User Groups Configure Settings button.
On this page, you will see all of your site’s User Groups, and the settings currently enabled for each group. Click the different User Groups to toggle between their settings.
In the Feature List of a user, click the toggle switch beneath a security feature to enable or disable the setting.
In the EDIT GROUP tab, you can modify the groups name and members.
You can also create Custom User Groups. Let’s say you wanted to separate the WooCommmerce Shop Manager user role into its own group and remove their ability to manage the iThemes Security Pro settings and see sensitive security data. We can make this happen in just a few steps.
1. Remove the Shop Manager user from the Administrator Group’s Edit Group tab.
2. Click the +New Group button, name your group Shop Manager, check the box to the left of Shop Manager, and click the Save button.
3. Click the FEATURES tab to enable the settings you want to be applied to your Shop Managers. You can enforce the same robust security settings used to secure your Administrator users while removing their ability to manage the iThemes Security settings or creating new iThemes Security dashboards.
Alright, now our Shop Managers can manage our WooCommerce shop and are still required to use proven security methods like two-factor authentication, without having access to the iThemes Security Pro settings.
Configuring your website’s user security shouldn’t be confusing or require you to waste time jumping between security settings to make sure they are enabled for the right users. iThemes Security Pro Users Groups gives you the ability to fine-tune your site’s user security quickly from a single location.
Each week, Michael puts together the WordPress Vulnerability Report to help keep your sites safe. As Product Manager at iThemes, he helps us continue to improve the iThemes product lineup. He’s a giant nerd & loves learning about all things tech, old & new. You can find Michael hanging out with his wife & daughter, reading or listening to music when not working.