The iThemes Security Pro plugin already helps you lock down your WordPress website down to the user-level with the User Security Check and User Logging features. Today, we are excited to roll out the New User Groups feature gives you the power to enforce the right level of security for the right people.
Introducing User Groups: The Right Amount of Security for The Right People
There is a balance of restriction and usability that you must strike when implementing a security strategy. Using the new User Groups, you can create a group of everyone who can make changes to your site and give them the freedom to make changes to security settings.
Any user that can make changes to your website becomes a security threat when their access falls into the wrong hands. With great power comes great responsibility. Any group that has the power to change your site has the responsibility to secure their account with two-factor authentication.
Whether you are running an eCommerce shop or a membership site, you have a group of users who don’t have the power to do any damage outside of their account. While it is helpful to give your customers the tools to protect their accounts, it doesn’t mean you have to require them to use them.
How To Create A Custom User Group
To create a custom group, click on the User Groups module from the main page of the Security settings.
Now click on the + New Group Button.
Enter a name for your group and then select the members of your group. User Groups have two different methods of selecting group members.
- The first and recommended method of selection is the WordPress User Roles you already have on your site. Check the boxes next to user role(s) you want to include in this group and then click the Create button to finish creating the group.
- The second method of selection is the WordPress users on your site. Enter the name of the users in the Select Users search field to add the users to the group. Click the Create button to finish creating your new group.
You don’t need to create custom groups to take advantage of the new User Groups. After installing or upgrading iThemes Security Pro, User Groups will automatically create groups from your existing WordPress user roles.
Manage All User Security Settings From One Location
There are several settings in iThemes Security Pro that, by design, will affect how people will interact with your site. Two-factor authentication will require additional verification to log in, and with Password Logins, you use a Magic Link from an email bypassing the traditional WordPress login.
With User Groups, you can quickly see which settings are enabled and make modifications without having to hop around to the different settings in iThemes Security Pro. Click the toggle switch next to a setting to change if it is enabled or disabled.
User Group Settings
- Global – When enabled, the users in the group will be able to access and make changes to the iThemes Security Pro settings.
- Dashboard – Allow the users of the group to create new iThemes Security Dashboards.
- Grade Report – Enable to allow group users to view the iThemes Security Grade report.
- Force Two-Factor – Force the users in the group to use two-factor authentication on their account.
- Disable Two-Factor Onboarding – Disable the two-factor onboarding for users in the group.
- Allow Remembering Device – Allow users to check a “Remember this Device” box that, if checked, will not prompt the user for a Two-Factor code for the next 30 days on the current device. Requires the Trusted Devices feature.
- Applications Passwords – Allow the users in the group to use application passwords.
- User Logging – When enabled, the users in the group will have their activity recorded in the iThemes Security logs.
- Password Logins – Allow the users of the group to use the Passwordless Login method.
- Allow Two-Factor Bypass for Passwordless Login – When using the Passwordless Login method, users in the group will be able to bypass any 2fa requirement.
- Trusted Devices – Enable Trusted Devices for this group.
Updated Security Modules
After making changes to a User Group, the settings will automatically be updated in the corresponding settings module. For example, if we force our Power User Group to use two-factor authentication, the Two-Factor settings will be updated to reflect the change.
If you add or remove the two-factor requirement from inside the Two-Factor settings, the changes will be updated in the corresponding User Group.
New! Frictionless Sync Pro Connection
When connecting a site from the iThemes Sync Pro dashboard, Sync will check to see if iThemes Security Pro is installed. If it is, Sync Pro will hook into Security Pro to complete the connection even if you are securing your WordPress login with two-factor authentication and reCAPTCHA.
User Groups give you a central location to enable the right settings for the right people.
Get the iThemes Security Pro Plugin Today
iThemes Security Pro, our WordPress security plugin, offers 30+ ways to secure and protect your website from common
Each week, Michael puts together the WordPress Vulnerability Report to help keep your sites safe. As Product Manager at iThemes, he helps us continue to improve the iThemes product lineup. He’s a giant nerd & loves learning about all things tech, old & new. You can find Michael hanging out with his wife & daughter, reading or listening to music when not working.