In the Feature Spotlight posts, we will highlight a feature in the iThemes Security Pro plugin and share a bit about why we developed the feature, who the feature is for, and how to use the feature.
Today we are going to cover the WordPress Security Grade Report, a quick and easy way to audit the performance of your website’s security.
Why You Need a Website Security Grade Report
All WordPress sites need a solid WordPress security strategy, but how do you know how your security efforts are actually going?
The iThemes Security Pro Grade Report feature helps you quickly find and resolve security weaknesses on your website by showing you a “grade” based on a number of factors that impact the security of your site.
The two areas of website security graded by your Security Grade Report include:
- The software you have running on your site – This includes the versions of PHP, WordPress core, and any themes and plugins, and whether they are running the latest versions.
- Your security settings – If you have enabled the most important settings available in iThemes Security Pro, including two-factor authentication
For example, the WordPress Grade Report will check your website’s software, including the PHP version. A third of all WordPress websites are using a PHP version that has reached its end of life.
End of life means the software is not being actively developed or receiving critical security updates. Hackers know that any publicly disclosed security vulnerabilities in PHP versions 7.1 and below will remain unpatched. This allows attackers to target and successfully hack websites using older versions of PHP.
Unfortunately, most of us don’t know if we are running a PHP version that is adding a security weak spot that any beginner-level hacker can exploit.
The WordPress Security Grade Report will show the outdated and potentially vulnerable software that you need to update before a hacker has a chance to exploit the vulnerability.
We sometimes hear from those of you who have concerns about whether or not you have configured iThemes Security Pro correctly. The Security Grade Report can help!
Your Grade Report also includes an audit of your website’s iThemes Security Pro configuration. The audit will let you know the settings you still need to enable to add the most protection to your website.
Let’s take a closer look at how to enable and use the Grade Report in iThemes Security Pro.
How to Enable the Grade Report in iThemes Security Pro
The Grade Report module is hidden by default. It is hidden to prevent unnecessary concern or confusion to those who aren’t responsible for managing the site’s security.
To enable the WordPress Security Grade Report, navigate to the Global Settings page.
You will find the option to enable the Grade Report at the bottom of the Global Settings page.
Now navigate to the security settings’ Features menu and enable Grade Report.
Click the User Groups links to choose the users who should have access to the Grade Reports.
How to Check Your Security Grade
Navigate to the Grade Report page by clicking the Grade Report link in the WP admin menu.
Understanding Your Grade Report
The Grade Report is broken down into 4 different sections.
1. Your Security Grade
Your overall security Grade is a combination of your Software and Security Settings scores.
2. Your Software Grade
Your Software score is based on an audit of the PHP, WordPress, plugins, and theme installed on your website.
Keeping your software updated with the latest security patches is one of the best ways you can secure and protect your website.
Having outdated software with known vulnerabilities installed on your site gives hackers the blueprints they need to take over your website.
3. Your Security Settings Grade
The Security Settings score is based on your configuration of iThemes Security Pro. Your score improves as you add more security layers with iThemes Security Pro.
4. Your Grade Summary
In the Summary section, you’ll see a graph indicating the best possible grade your website can achieve. This will help give you a better idea of which security issues are more pressing to resolve so you can get your best grade.
Click the Resolve Issues button in the upper right-hand corner of the summary section to see more details for your software and the individual settings grades.
The Grade Report Issues page provides a summary of every item audited and the grade of each item.
The cool part is that each audit includes an explanation of why the different elements of the Grade Report are essential to your website’s security. Plus, you will be provided with an actionable step you can take to resolve issues found in the Grade Report.
The really cool part is that you can resolve most of the security issues in just 2 steps.
- Check the box next to Select All Resolvable Issues.
- Click the Resolve Selected Issues button.
After you resolve the security issues, your security grade will be improved.
We can’t forget that good grades mean everything.
Wrapping Up: Your WordPress Security Grade Report
The iThemes Security Pro WordPress Security Grade Report feature helps you to spot outdated and potentially vulnerable software. Plus, it will give you the confidence that you are getting the most out of iThemes Security Pro!
Each week, Michael puts together the WordPress Vulnerability Report to help keep your sites safe. As Product Manager at iThemes, he helps us continue to improve the iThemes product lineup. He’s a giant nerd & loves learning about all things tech, old & new. You can find Michael hanging out with his wife & daughter, reading or listening to music when not working.