Built by the WordPress security experts
iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security pro to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress site.
Limit the number of failed login attempts allowed per user with WordPress brute force protection. If someone is trying to guess your password, they'll get locked out after a few attempts.
If someone manages to get into your site, they'll probably add, remove or change a file. Get email alerts showing any file changes so you know if you've been hacked.
If a bot is scanning your site for vulnerabilities, it will generate a lot of 404 errors. iThemes Security will lock out that IP after the limit you set (20 errors in 5 minutes by default).
Set which level of users on your site (admins, editors, users, etc.) need to have strong passwords. This is one of the best ways to lock down WordPress.
Keep bad users away from your site if they have too many failed login attempts, a lot of 404 errors or if they're on a bot blacklist.
Not making changes to your site 24 hours a day? Harden WordPress by making the admin area inaccessible during specific hours so no one else can sneak in.
Change the default URL of your WordPress login area so attackers won't know where to look. This feature is also great to help clients remember their login link.
Schedule database backups and have them emailed to you. Or you can get BackupBuddy to step up your backup game. Make complete backups and send them to off-site storage destinations.
Get email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed.
iThemes Security Pro makes updating your WordPress salts & keys easy. Updating these authentication keys every so often adds another layer of complexity.
iThemes Security Pro compares changes made to any WordPress core file on your system with the version on WordPress.org to determine if the change was malicious.
Add an extra layer of protection to your most vulnerable pages such as the WP login, user registration and comments with Google's reCAPTCHA.
|One-click "Secure Site" WordPress security check|
|Ban bad users|
|Block specific IP addresses and user agents from accessing the site|
|Hide Login & Admin URL|
|Change WordPress salts & keys|
|File Change Detection|
|Remove Windows Live Write header information|
|Remove RSD header info|
|Remove update notifications from specific user roles|
|Remove login error messages|
|Rename 'admin' account|
|Change ID on user with ID 1|
|Change WordPress database table prefix|
|Change wp-content path|
|Force SSL for any post, page, or admin page|
|Turn off file editing in WordPress admin|
|Reduce Comment Spam|
|Local brute force protection|
|Network brute force protection|
|XML-RPC brute force protection|
|Email Notifications & Digest Emails|
|Customizable lockout messages|
|Strong Password Enforcement|
|File Permission Check|
|iThemes Sync Integration|
|Google reCAPTCHA Integration|
|Settings Import & Export|
|WordPress Core Online File Comparison|
|Scheduled Malware Scanning|
|User Action Logging|
|Temporary Privilege Escalation|
|Private Ticketed Support|
Passwords are a critical component of a solid WordPress security strategy. iThemes Security Pro makes it easier for you to enforce strong passwords, so you can have greater WordPress password security.
Use iThemes Security Pro's strong password enforcement settings to add a strong password generator to user profiles, set minimum password character limits, enable password expirations and control the minimum user role for strong password roles.
Strong passwords not enough? With iThemes Security Pro's WordPress two factor authentication, users are required to enter both a password AND a second code sent to a device like your Android smartphone or iPhone.
Both the password and the code are required to log in to a user account, adding an extra layer of security that verifies it’s actually you logging in and not someone who gained access (or even guessed) your password.
iThemes Security uses Sucuri SiteCheck to power the WordPress malware scan feature within the plugin. Sucuri SiteCheck uses a 10-point site check to scan your site for known malware, blacklist status, website errors and out-of-date software. With iThemes Security Pro, you can enable daily malware scanning and receive a notification email if a problem is found.
iThemes Sync offers a secure way to remotely release iThemes Security lockouts and set Away Mode for your site.
iThemes Security Pro's Away Mode feature shuts off access to your site's dashboard. With Sync, you can turn Away Mode on or off remotely on any of your sites running iThemes Security Pro.
Using Sync, you can see the IP addresses for any locked out users. To release lockouts, just click the Release button. All without every having to log into your site.
Developer licensing for
all of our plugins
Secure & protect
Secure & protect
Secure & protect