
The Best WordPress Security Plugin to
Secure & Protect WordPress

Built by the WordPress security experts

iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.


Secure WordPress with a
Trusted WordPress Security Plugin

WordPress Protection with iThemes Security Pro

Your WordPress website needs a WordPress security strategy that includes a trusted WordPress security plugin like iThemes Security Pro. WordPress currently powers over 25% of all websites, so it has become an easy target for hackers with malicious intent.

Make sure your WordPress website is secure and protected with iThemes Security Pro. iThemes Security Pro works to fix common WordPress security issues you may not know exist. By adding an extra layer of protection, iThemes Security Pro helps give you peace of mind—and keeps the bad guys out.

WordPress Security Designed to Keep the Bad Guys Out

Prevent WordPress hacks | WordPress security breaches | WordPress malware | & more

WordPress Brute Force Protection

Limit the number of failed login attempts allowed per user with WordPress brute force protection. If someone is trying to guess your password, they'll get locked out after a few attempts.

File Change Detection

If someone manages to get into your site, they'll probably add, remove or change a file. Get email alerts showing any recent file changes so you know if you've been hacked.

404 Detection

If a bot is scanning your site for vulnerabilities, it will generate a lot of 404 errors. iThemes Security will lock out that IP after the limit you set (20 errors in 5 minutes by default).

Strong Password Enforcement

Set which level of users on your site (admins, editors, users, etc.) need to have strong passwords. Strong password enforcement is one of the best ways to lock down WordPress.

Lock Out Bad Users

Keep bad users away from your site if they have too many failed login attempts, if they generate too many 404 errors, or if they're on a bot blacklist.

Away Mode

Not making changes to your site 24 hours a day? Harden WordPress by making the WordPress dashboard inaccessible during specific hours so no one else can sneak in and attempt to make changes.

Hide Login & Admin

Change the default URL of your WordPress login area so attackers won't know where to look. This feature is also great to help clients remember their login link.

Database Backups

Schedule database backups and have them emailed to you. Or you can get our WordPress backup plugin to step up your backup game. Make complete backups and send them to off-site storage destinations.

Email Notifications

Get email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed.

See all 30+ ways iThemes Security protects your site

30+ WordPress Security features in one WordPress Security plugin

One-click "Secure Site" WordPress security check
Ban bad users
Block specific IP addresses and user agents from accessing the site
404 Detection
Hide Login & Admin URL
Change WordPress salts & keys
Away Mode
Database Backups
File Change Detection
Remove Windows Live Writer header information
Remove RSD header info
Remove update notifications from specific user roles
Remove login error messages
Rename 'admin' account
Change ID on user with ID 1
Change WordPress database table prefix
Change wp-content path
Force SSL for any post, page, or admin page
Turn off file editing in WordPress admin
Reduce Comment Spam
Local brute force protection
Network brute force protection
XML-RPC brute force protection
Security logs
Email Notifications & Digest Emails
Customizable lockout messages
Strong Password Enforcement
File Permission Check
iThemes Sync Integration
Malware Scan
Dashboard Widget
Google reCAPTCHA Integration
Two-Factor Authentication
Settings Import & Export
WordPress Core Online File Comparison
Scheduled Malware Scanning
User Action Logging
Temporary Privilege Escalation
WP-CLI Integration
Password Expiration
Private Ticketed Support
New! WordPress User Security Check
Get Pro for as little as $80

WordPress Two-Factor Authentication

Extra protection for WordPress User Logins

With iThemes Security Pro's WordPress two-factor authentication, users are required to enter both a password AND a secondary code sent to a mobile device such as a smartphone or tablet. Both the password and the code are required to successfully log in to a user account. Two-factor authentication adds an extra layer of WordPress security to verify it’s actually you logging in and not someone who gained access to (or even guessed) your password.

WordPress Two-Factor Authentication Methods Supported By The iThemes Security Pro Plugin

Mobile App

The iThemes Security Pro plugin works with common two-factor authentication mobile apps such as Google Authenticator, Authy, FreeOTP and Toopher.

Email

Time-sensitive codes are supplied via email to the email address associated with the user’s account.

Backup Codes

Provides a set of one-time use codes that can be used to log in if the primary two-factor method is lost.


Security Dashboard

Monitor Activity with the iThemes Security Dashboard

Looking at your WordPress security log entries can be time-consuming and even difficult to understand. The new iThemes Security Dashboard brings your security logs to life by pulling together related entries and displaying them in a way that is relevant to you.


WordPress Security Grade Report

See Your WordPress Security Grade + Fix Issues

See an instant WordPress Security Grade Report on the security of your WordPress website. From the report, you can also make the recommended fixes so you can raise your grade and improve the overall security of your website.

iThemes Security takes several factors into consideration when issuing your security grade, including your software and security settings.

Overall Security Grade

Understand the big picture of your WordPress site's security with an overall security grade.

Software + Settings

See details on your software and settings along with action items to improve your grade.

Quickly Resolve Issues

Quickly view and resolve security issues in the order that will boost your grade the most.

More To Come

More features are on the way to help you quickly understand security and resolve any issues.

Trusted Devices with Session Hijacking Protection

With Admin Login Alerts

Add security measures for unknown devices, along with Session Hijacking protection, to lock down your WordPress website and protect it from compromises to user logins.


WordPress User
Security Check

Review & Take Action on User Security

User-level security is absolutely essential for protecting your WordPress sites. Poor security for just one WordPress user account can open up your entire building, or site, to vulnerabilities that lead to hacks.

Use iThemes Security Pro's WordPress User Security Check to assess the security of all your WordPress user accounts at one time and take action on them if needed.


WordPress Malware Scanning

Powered by Sucuri SiteCheck


iThemes Security uses Sucuri SiteCheck to power the WordPress malware scan feature within the plugin. Sucuri SiteCheck uses a 10-point site check to scan your site for known malware, blacklist status, website errors and out-of-date software. With iThemes Security Pro, you can enable daily malware scanning and receive a notification email if a problem is found.


WordPress Version Management

DON’T ALLOW OUTDATED SOFTWARE TO PUT YOUR SITE AT RISK

Outdated software — whether it’s WordPress, themes or plugins — puts your sites at risk because security vulnerabilities are often well known. iThemes Security Pro’s new Version Management option can automatically update to new versions of WordPress, themes and plugins, and increase security measures when a site’s software is outdated.

1. Strengthening & Alerting to Critical Issues

iThemes Security will automatically enable stricter security when an update has not been installed for a month. Additionally, you can also check for other outdated WordPress installs on your hosting account.

2. Automatic Updates for WordPress, Themes & Plugins

Ideal for sites you don’t use frequently or sites that don’t have complex setups, which are often neglected and have a greater risk of having outdated software.

WordPress Password Security

Enforce strong passwords for all users

Passwords are a critical component of a solid WordPress security strategy. iThemes Security Pro makes it easier for you to enforce strong passwords, so you can have greater WordPress password security.

Use iThemes Security Pro's strong password enforcement settings to add a strong password generator to user profiles, enable password expirations and control the minimum user role for strong password roles.


WordPress Magic Links

LOG IN WHEN YOUR USERNAME IS LOCKED OUT

The Magic Links feature allows you to log in while your username is locked out by the Local Brute Force Protection feature.

When your username is locked out, you can request an email with a special login link. Using the emailed link will bypass the username lockout for you while brute force attackers are still locked out.


Manage Multiple WordPress Sites with iThemes Sync

Remote management of iThemes Security Pro features

iThemes Sync offers a way to manage multiple WordPress sites from one place. Sync is also a secure way to remotely release iThemes Security lockouts and set Away Mode for your site.

Enable/Disable Away Mode

iThemes Security Pro's Away Mode feature shuts off access to your site's dashboard. With Sync, you can turn Away Mode on or off remotely on any of your sites running iThemes Security Pro.

Release Lockouts

Using Sync, you can see the IP addresses for any locked-out users. To release lockouts, just click the Release button, all without ever having to log into your site.


More WordPress Security Features Coming Soon

Based on the latest WordPress security threats


Buy iThemes Security Pro Now

(YOU'LL BE GLAD YOU DID.)

Gold
$199 per year

Secure & protect
unlimited sites

  • 1 year of ticketed support
  • 1 year of plugin updates
  • 10 iThemes Sync sites
Freelancer
$127 per year

Secure & protect
10 sites

  • 1 year of ticketed support
  • 1 year of plugin updates
  • 10 iThemes Sync sites
Blogger
$80 per year

Secure & protect
1 site (includes 1 bonus site license for a total of 2 site licenses)

The bonus license can be used to license an additional website or for deployment/staging between two sites. You can also use the bonus site license for an additional site.

  • 1 year of ticketed support
  • 1 year of plugin updates
  • 10 iThemes Sync sites

Simple Yet Smarter WordPress Hosting

LIKE A PERSONAL WEBSITE ASSISTANT

With iThemes hosting, you get a smarter, more helpful hosting control panel
+ WordPress site management all in one.

  • Instant WordPress Setup
  • Smarter, More Helpful Control Panel + Site Management in One Place
  • FREE, Automatic SSL Certificate
  • WordPress Backups & Security
  • Website Reports with Vital Website Stats Including SEO, Google Analytics & More
  • 24/7 Support with WordPress Pros

Get all the essential WordPress tools & resources to run your website

WordPress Web Designer's Toolkit

Unlimited site licenses for BackupBuddy
+ Everything we make at iThemes in one bundle, for one low price.

40+ Powerful WordPress Plugins

200 Customizable WordPress Themes

900 Hours of Pro WordPress Training

10+ iThemes Sync Pro Sites

Meet Our Team of WordPress Security Experts

These guys like to make sure your WordPress sites are secure

Chris Jean

CTO

Timothy Jacobs

Developer

Gerroald Barron

Support

Michael Moore

Support


Other Questions?

How do I upgrade from the free version of iThemes Security to iThemes Security Pro?
After your purchase, you’ll receive an email with instructions on how to download iThemes Security Pro. To preserve your current settings, deactivate the free version on your WordPress site, then install Pro. Activate the Pro version and delete the free version.
Why does iThemes Security require the latest WordPress version? Can’t I use a slightly older version?
One of the best security practices for a WordPress site owner is keeping software up to date. Because of this, we only test this plugin on the latest stable version of WordPress and will only guarantee it works in the latest version.
Can a WordPress security plugin completely stop all attacks on my site?
No. iThemes Security is designed to help improve the security of your WordPress installation from many common attack methods, but it cannot prevent every possible attack. Nothing replaces diligence and good practice. This plugin makes it a little easier for you to apply both.
Is the “Security Check” feature good enough protection?
The Security Check feature is designed to help save you time and ensure your site is using the recommended security settings. After enabling this you should review all other features for further protection.
Is this plugin only for new WordPress installs or can I use it on existing sites, too?
Many of the changes made by this plugin are complex and can break existing sites. While iThemes Security can be installed on either a new or existing site, we strongly recommend making a complete backup of your existing site before applying any features included in this plugin.
Will this work on all servers and hosts?
iThemes Security requires Apache or LiteSpeed and mod_rewrite or NGINX to work. While this security plugin should work on all hosts with Apache or LiteSpeed and mod_rewrite or NGINX, it has been known to experience problems in shared hosting environments where it runs out of resources such as available CPU or RAM. For this reason, it is extremely important that you make a backup of your site before installing on any existing site. If you run out of resources during an operation such as renaming your database table, you may need your backup to be able to restore access to your site. Finally, please make sure you have adequate RAM if you plan to use the file change detector or make large backups.
Does this work with network or multisite installations?
Yes. We’re in the process of developing more documentation, so we’ll update this as soon as it’s ready.
Can I help?
Of course! We are in constant need of testers. In addition, we can always use help with translations for internationalization. For more information on contributing to iThemes Security, visit this page.
What changes does this plugin make that can break my site?
iThemes Security makes significant changes to your database and other site files which can be problematic for existing WordPress sites. Again, we strongly recommend making a complete backup of your site before using this plugin. While problems are rare, most support requests involve the failure to make a proper backup before installation. DISCLAIMER: Under no circumstances do we release this plugin with any warranty, implied or otherwise. We cannot be held responsible for any damage that might arise from the use of this plugin. Note that renaming the wp-content directory will not update the path in existing content. Use this feature only on new sites or in a situation where you can easily update all existing links. For more information, visit Fixing iThemes Security Lockouts and What is Changed By iThemes Security.
Where can I get help if something goes wrong?
Official support for this plugin is available for iThemes Security Pro customers. Our team of experts is ready to help. To access support, please visit the iThemes Member Panel to create a support ticket.
iThemes Media LLC Copyright © 2019 All rights reserved