The Best WordPress Security Plugin to Secure & Protect WordPress
Built by the WordPress security experts since 2014
WordPress currently powers over 40% of all websites, so it has become an easy target for hackers with malicious intent. iThemes Security Pro takes the guesswork out of WordPress security to make it easy to secure & protect your WordPress website.
On average, 30,000 websites are hacked every day. Every 39 seconds, a new cyberattack happens somewhere on the web.
It's not a matter of if, but when your site will become a target
300% Increase
in Cyberattacks
This year alone, cyberattacks have increased by 300% as hackers increase their efforts to exploit vulnerable websites with poor security.
50% of All
Hacks & Breaches
Nearly half of all cyberattacks prey on small to medium sized businesses. Hackers know most of them don’t have solid security measures in place.
45% of all
Website Owners
Almost half of all website owners say they don't have solid security measures in place to defend their sites against attacks.
30,000 Websites
Hacked Daily
As hackers become more sophisticated, 30,000 websites are successfully hacked each day, leaving website owners to deal with the destruction.
You need a WordPress security plan to
keep the bad guys out.
All effective website security strategies need these three things: Preparation, Prevention, and Detection
1. Prepare
Effective WordPress security takes education. Armed with a set of WordPress security best practices, you'll be prepared to lock down, secure, and protect your site.
2. Prevent
Know the concrete actions you can take to prevent a hack or security breach from being successful. Anyone who uses your site needs to do their part to prevent targeted, frequent attacks on your website.
3. Detect
If someone manages to hack into your site, you need to know as quickly as possible to limit the damage they can do. Detection is a key part of an overall security strategy to help be much more resilient against a successful attack.
The iThemes Security Pro plugin works 24/7 to secure your site so you can rest a little easier.
Prevent WordPress hacks | WordPress security breaches | WordPress malware | & more
Stops automated attacks
Brute force attacks refer to the trial and error method used to discover usernames and passwords to hack into a website. WordPress doesn’t track any user login activity, so there isn’t anything built into WordPress to protect you from a brute force attack. iThemes Security Pro works to secure and protect the most attacked part of your website, the WordPress login, by blocking these automated attacks.
Monitors for suspicious activity
iThemes Security Pro keeps track of important security events that occur on your website. These events are important to monitor to indicate if or when a security breach occurs. The information found in these records can be used to lockout bad actors, highlight an unwanted change on the site, and help to identify and patch the point of entry of a successful attack.
Strengthens user credentials
The iThemes Security plugin offers several layers of user security protection, from strong password requirements to two-factor authentication to passwordless logins. These important security measures decrease the likelihood that a privileged user account can be used to successfully hack into a site.
Scans for vulnerable plugins and themes to apply updates
The iThemes Security Pro Site Scanner is our way to secure and protect your WordPress website from the number one cause of all software hacks. The Site Scanner checks your site for known vulnerabilities and automatically apply a patch if one is available.
Blocks bad bots and reduces spam
The reCAPTCHA feature in iThemes Security Pro protects your site from bad bots. These bots are trying to break into your website using compromised passwords, posting spam, or even scraping your content. reCAPTCHA uses advanced risk analysis techniques to tell humans and bots apart.
Automatically takes actions on your behalf to secure your site
One of the best parts of the iThemes Security plugin is the actions it will automatically take to secure your site. iThemes Security automatically locks out users, bans user agents and IP addresses, applies version updates, and more, all on your behalf.
30 WordPress Security features in one WordPress Security plugin
Monitors All the Most Important Security Activity Happening on Your Site
Add A Real-Time Security Dashboard in Your WordPress Admin
Every day, lots of activity is happening on your site that you may not be aware of. Many of these activities can be related to your site's security, so monitoring these events is vital to keeping your site secure. The iThemes Security Pro plugin provides a real-time WordPress security dashboard that monitors security-related events on your site 24 hours a day, 7 days a week.
Brute Force Attack Activity
See a graph of the number of brute force attacks happening on your site. You'll probably be amazed by how often your site is under attack.
Banned Users & Lockouts
See the number of users that have been banned by iThemes SecurityPro due to failed login attempts and bot signatures.
User Security Profiles
View important user security metrics like password strength, password age, two-factor status and more.
We Scan For the #1 Reason WordPress Sites Get Hacked: Vulnerable Themes & Plugins
Introducing the iThemes Security Site Scanner
Having a vulnerable plugin or theme for which a patch is available but not applied is the number one culprit of hacked WordPress websites. iThemes Security uses its own Site Scanner to check for known vulnerabilities in your plugins, themes, and WordPress core. The Site Scanner also checks your site's blacklist status, website errors and for out-of-date software. Combined with the power of Version Management, your site will never run software with known vulnerabilities.
Integrated Vulnerability Database
The Site Scanner checks for the latest vulnerability disclosures so your site is updated as quickly as possible.
Checks Google Safe Browsing API
The Site Scan also checks your Google’s blocklist status and will alert you if Google has found any malware on your website.
Automatic Vulnerability Patching
Automatically update themes, plugins, and WordPress core if the version you're running has a known vulnerability.
Email Alerts
During any scheduled site scans, you’ll get an email if iThemes Security Pro discovers any known vulnerabilities.
Make User Accounts 99% Secure
with Two-Factor Authentication
No Need for an Extra Plugin to Secure User Accounts
With iThemes Security Pro's WordPress two-factor authentication, users are required to enter both a password AND a secondary code sent to a mobile device such as a smartphone or tablet. Both the password and the code are required to successfully log in to a user account. Two-factor authentication adds an extra layer of WordPress security to verify it’s actually you logging in and not someone who gained access (or even guessed) your password.
WordPress Two-Factor Authentication Methods Supported By The iThemes Security Pro Plugin
Mobile App
The iThemes Security Pro plugin works with common two-factor authentication mobile apps such as Google Authenticator, Authy, FreeOTP and Toopher.
Time-sensitive codes are supplied via email to the email address associated with the user’s account.
Backup Codes
Provides a set of one-time use codes that can be used to login in the event the primary two-factor method is lost.
Enable Trusted Devices with Session Hijacking Protection
With Admin Login Alerts
Add security measures for unknown devices, along with Session Hijacking protection, to lock down your WordPress website and protect it from compromises to user logins.
Manage Multiple WordPress Sites with iThemes Sync
Remote management of iThemes Security Pro features
iThemes Sync offers a way to manage multiple WordPress sites from one place. Sync is also a secure way to remotely release iThemes Security lockouts and set Away Mode for your site.
Release Lockouts
Using Sync, you can see the IP addresses for any locked out users. To release lockouts, just click the Release button. All without every having to log into your site.
What users and the creators have to say
Don't just take our word for it
My company has been building websites for 23 years. When we discovered iThemes Security Pro, it solved so many daily problems that we were “hooked.” My team sleeps better at night knowing that hackers are thwarted. Plus, they have the friendliest support team we’ve encountered in our WordPress world!
Timothy Jacobs is a WordPress developer at iThemes leading the development of the iThemes Security plugin. He's also a WordPress Core Committer, Component Maintainer of the WordPress REST API, and co-organizes the WP NYC Helpdesk Meetup. He lives in New York City, but Germany is his home away from home.
There are 3 reasons to love iThemes Security Pro:
1. Protects your website against the most common culprits of hacked websites without burning through your site's resources or your wallet.
2. There is no other product that makes it easier to secure your website.
3. We have the best support team. They genuinely care about solving customer issues.
Buy iThemes Security Pro Now
(YOU'LL BE GLAD YOU DID.)
We stand behind our product 100% with a 30-day refund policy.
Secure & protect
1 site
?
Includes 1 bonus site license
for a total of 2 site licenses.
The bonus license can be used to license an additional website or for deployment/staging between two sites. You can also use the bonus site license for an additional site.
- 1 year of ticketed support
- 1 year of plugin updates
The Latest WordPress Security News
News & updates from our team of WordPress security experts
FAQs
- How do I upgrade from the free version of iThemes Security to iThemes Security Pro?
- Upgrading from the free version of the plugin to Pro is easy! After your purchase, you’ll receive an email with instructions on how to download iThemes Security Pro from the iThemes Member Panel. Install/activate Pro on your WordPress site, then deactivate/delete the free version. All of your settings will be preserved.
- Why does iThemes Security require the latest WordPress version? Can’t I use a slightly older version?
- One of the best security practices for a WordPress site owner is keeping software up to date. Because of this, we only test this plugin on the latest stable version of WordPress and will only guarantee it works in the latest version.
- Can a WordPress security plugin completely stop all attacks on my site?
- No. iThemes Security is designed to help improve the security of your WordPress installation from many common attack methods, but it cannot prevent every possible attack. Nothing replaces diligence and good practice. This plugin makes it a little easier for you to apply both.
- Is “Security Check” feature good enough protection?
- The Security Check feature is designed to help save you time and ensure your site is using the recommended security settings. After enabling this you should review all other features for further protection.
- Is this plugin only for new WordPress installs or can I use it on existing sites, too?
- Many of the changes made by this plugin are complex and can break existing sites. While iThemes Security can be installed on either a new or existing site, we strongly recommend making a complete backup of your existing site before applying any features included in this plugin.
- Will this work on all servers and hosts?
- iThemes Security requires Apache or LiteSpeed and mod_rewrite or NGINX to work. While this security plugin should work on all hosts with Apache or LiteSpeed and mod_rewrite or NGINX, it has been known to experience problems in shared hosting environments where it runs out of resources such as available CPU or RAM. For this reason, it is extremely important that you make a backup of your site before installing on any existing site. If you run out of resources during an operation such as renaming your database table, you may need your backup to be able to restore access to your site.Finally, please make sure you have adequate RAM if you plan to use the file change detector or make large backups.
- Does this work with network or multisite installations?
- Yes. We’re in the process of developing more documentation, so we’ll update this as soon as it’s ready.
- Can I help?
- Of course! We are in constant need of testers. In addition, we can always use help with translations for internationalization. For more information on contributing to iThemes Security, visit this page.
- What changes does this plugin make that can break my site?
- iThemes Security makes significant changes to your database and other site files which can be problematic for existing WordPress sites. Again, we strongly recommended making a complete backup of your site before using this plugin. While problems are rare, most support requests involve the failure to make a proper backup before installation. DISCLAIMER: Under no circumstances do we release this plugin with any warranty, implied or otherwise. We cannot be held responsible for any damage that might arise from the use of this plugin.Note that renaming the wp-content directory will not update the path in existing content. Use this feature only on new sites or in a situation where you can easily update all existing links. For more information, visit Fixing iThemes Security Lockouts and What is Changed By iThemes Security
- Where can I get help if something goes wrong?
- Official support for this plugin is available for iThemes Security Pro customers. Our team of experts is ready to help. To access support, please visit the iThemes Member Panel to create a support ticket.