The best WordPress security plugin to secure & protect WordPress
Built by the WordPress security experts
iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security pro to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress site.
Lock Down WordPress with iThemes Security Pro
Our WordPress Security Plugin is Designed to Harden WordPress & Protect Your Content
Brute Force Protection
Limit the number of failed login attempts allowed per user with WordPress brute force protection. If someone is trying to guess your password, they'll get locked out after a few attempts.
File Change Detection
If someone manages to get into your site, they'll probably add, remove or change a file. Get email alerts showing any file changes so you know if you've been hacked.
404 Detection
If a bot is scanning your site for vulnerabilities, it will generate a lot of 404 errors. iThemes Security will lock out that IP after the limit you set (20 errors in 5 minutes by default).
Strong Password Enforcement
Set which level of users on your site (admins, editors, users, etc.) need to have strong passwords. This is one of the best ways to lock down WordPress.
Lock Out Bad Users
Keep bad users away from your site if they have too many failed login attempts, a lot of 404 errors or if they're on a bot blacklist.
Away Mode
Not making changes to your site 24 hours a day? Harden WordPress by making the admin area inaccessible during specific hours so no one else can sneak in.
Hide Login & Admin
Change the default URL of your WordPress login area so attackers won't know where to look. This feature is also great to help clients remember their login link.
Database Backups
Schedule database backups and have them emailed to you. Or you can get BackupBuddy to step up your backup game. Make complete backups and send them to off-site storage destinations.
Email Notifications
Get email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed.
Change WordPress Salts & Keys
iThemes Security Pro makes updating your WordPress salts & keys easy. Updating these authentication keys every so often adds another layer of complexity.
Online File Comparisons
iThemes Security Pro compares changes made to any WordPress core file on your system with the version on WordPress.org to determine if the change was malicious.
Google reCAPTCHA Integration
Add an extra layer of protection to your most vulnerable pages such as the WP login, user registration and comments with Google's reCAPTCHA.
30+ features to help protect your wordpress site
See all the ways iThemes Security Pro secures and protects your WordPress site.
Two Factor Authentication
Add an important extra layer of login security
Strong passwords not enough? With iThemes Security Pro's WordPress two factor authentication, users are required to enter both a password AND a second code sent to a device like your Android smartphone or iPhone.
Both the password and the code are required to log in to a user account, adding an extra layer of security that verifies it’s actually you logging in and not someone who gained access (or even guessed) your password.
WordPress User
Security Check New!
Review & Take Action on User Security
User-level security is absolutely essential for protecting your WordPress sites. Poor security for just one WordPress user account can open up your entire building, or site, to vulnerabilities that lead to hacks.
Use iThemes Security Pro's WordPress User Security Check to assess the security of all your WordPress user accounts at one time and take action on them if needed.
WordPress Password Security
Enforce strong passwords for all users
Passwords are a critical component of a solid WordPress security strategy. iThemes Security Pro makes it easier for you to enforce strong passwords, so you can have greater WordPress password security.
Use iThemes Security Pro's strong password enforcement settings to add a strong password generator to user profiles, set minimum password character limits, enable password expirations and control the minimum user role for strong password roles.
WordPress Malware Scanning
Powered by Sucuri SiteCheck
iThemes Security uses Sucuri SiteCheck to power the WordPress malware scan feature within the plugin. Sucuri SiteCheck uses a 10-point site check to scan your site for known malware, blacklist status, website errors and out-of-date software. With iThemes Security Pro, you can enable daily malware scanning and receive a notification email if a problem is found.
Integrated with iThemes Sync
Secure, remote management of iThemes Security
iThemes Sync offers a secure way to remotely release iThemes Security lockouts and set Away Mode for your site.
Enable/Disable Away Mode
iThemes Security Pro's Away Mode feature shuts off access to your site's dashboard. With Sync, you can turn Away Mode on or off remotely on any of your sites running iThemes Security Pro.
Release Lockouts
Using Sync, you can see the IP addresses for any locked out users. To release lockouts, just click the Release button. All without every having to log into your site.
The Latest WordPress Security News
News & updates from our team of WordPress security experts
More Pro Features Coming Soon
Buy iThemes Security Pro
Sleep Better Knowing Your Site is Protected by a Trusted WordPress Security Plugin
Other Questions?
- What will I have to change in upgrading from Better WP Security to iThemes Security?
- Most settings from Better WP Security will transfer to iThemes Security except for the Hide Backend Setting. You’ll need to reset your Hide Backend Setting due to a new implementation of the feature. In addition, you’ll still want to review your settings after the update as there are new options you will be able to use.
- Why does iThemes Security require the latest WordPress version? Can’t I use a slightly older version?
- One of the best security practices for a WordPress site owner is keeping software up to date. Because of this, we only test this plugin on the latest stable version of WordPress and will only guarantee it works in the latest version.
- Can a WordPress security plugin completely stop all attacks on my site?
- No. iThemes Security is designed to help improve the security of your WordPress installation from many common attack methods, but it cannot prevent every possible attack. Nothing replaces diligence and good practice. This plugin makes it a little easier for you to apply both.
- Is “one-click” protection good enough?
- One-click protection will help reduce the risk of attack on your site, but we recommend fixing as many high, medium and low priority items in the Security Status section as possible. If you have a plugin or theme that conflicts with an iThemes Security feature, we recommend deactivating the offending feature.
- Is this plugin only for new WordPress installs or can I use it on existing sites, too?
- Many of the changes made by this plugin are complex and can break existing sites. While iThemes Security can be installed on either a new or existing site, we strongly recommend making a complete backup of your existing site before applying any features included in this plugin.
- Will this work on all servers and hosts?
- iThemes Security requires Apache or LiteSpeed and mod_rewrite or NGINX to work. While this security plugin should work on all hosts with Apache or LiteSpeed and mod_rewrite or NGINX, it has been known to experience problems in shared hosting environments where it runs out of resources such as available CPU or RAM. For this reason, it is extremely important that you make a backup of your site before installing on any existing site. If you run out of resources during an operation such as renaming your database table, you may need your backup to be able to restore access to your site.Finally, please make sure you have adequate RAM if you plan to use the file change detector or make large backups.
- Does this work with network or multisite installations?
- Yes.We’re in the process of developing more documentation, so we’ll update this as soon as it’s ready.
- Can I help?
- Of course! We are in constant need of testers. In addition, we can always use help with translations for internationalization. For more information on contributing to iThemes Security, visit this page.
- What changes does this plugin make that can break my site?
- iThemes Security makes significant changes to your database and other site files which can be problematic for existing WordPress sites. Again, we strongly recommended making a complete backup of your site before using this plugin. While problems are rare, most support requests involve the failure to make a proper backup before installation. DISCLAIMER: Under no circumstances do we release this plugin with any warranty, implied or otherwise. We cannot be held responsible for any damage that might arise from the use of this plugin.Note that renaming the wp-content directory will not update the path in existing content. Use this feature only on new sites or in a situation where you can easily update all existing links. For more information, visit Fixing iThemes Security Lockouts and What is Changed By iThemes Security
- Where can I get help if something goes wrong?
- Official support for this plugin is available for iThemes Security Pro customers. Our team of experts is ready to help. To access support, please visit the iThemes Member Panel to create a support ticket.
These guys like to make sure your wordpress sites are secure
Meet our team of WordPress security experts
Jean
Barron