Built by the WordPress security experts
iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security professional to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress website.
Limit the number of failed login attempts allowed per user with WordPress brute force protection. If someone is trying to guess your password, they'll get locked out after a few attempts.
If someone manages to get into your site, they'll probably add, remove or change a file. Get email alerts showing any recent file changes so you know if you've been hacked.
If a bot is scanning your site for vulnerabilities, it will generate a lot of 404 errors. iThemes Security will lock out that IP after the limit you set (20 errors in 5 minutes by default).
Set which level of users on your site (admins, editors, users, etc.) need to have strong passwords. Strong password enforcement is one of the best ways to lock down WordPress.
Keep bad users away from your site if they have too many failed login attempts, if they generate too many 404 errors, or if they're on a bot blacklist.
Not making changes to your site 24 hours a day? Harden WordPress by making the WordPress dashboard inaccessible during specific hours so no one else can sneak in and attempt to make changes.
Change the default URL of your WordPress login area so attackers won't know where to look. This feature is also great to help clients remember their login link.
Schedule database backups and have them emailed to you. Or you can get our WordPress backup plugin to step up your backup game. Make complete backups and send them to off-site storage destinations.
Get email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed.
|One-click "Secure Site" WordPress security check|
|Ban bad users|
|Block specific IP addresses and user agents from accessing the site|
|Hide Login & Admin URL|
|Change WordPress salts & keys|
|File Change Detection|
|Remove Windows Live Write header information|
|Remove RSD header info|
|Remove update notifications from specific user roles|
|Remove login error messages|
|Rename 'admin' account|
|Change ID on user with ID 1|
|Change WordPress database table prefix|
|Change wp-content path|
|Force SSL for any post, page, or admin page|
|Turn off file editing in WordPress admin|
|Reduce Comment Spam|
|Local brute force protection|
|Network brute force protection|
|XML-RPC brute force protection|
|Email Notifications & Digest Emails|
|Customizable lockout messages|
|Strong Password Enforcement|
|File Permission Check|
|iThemes Sync Integration|
|Google reCAPTCHA Integration|
|Settings Import & Export|
|WordPress Core Online File Comparison|
|Scheduled Malware Scanning|
|User Action Logging|
|Temporary Privilege Escalation|
|Private Ticketed Support|
|WordPress User Security Check|
|iThemes Security Pro Dashboard|
|Bypass Lockouts with Magic Links|
|Refuse Compromised Passwords|
With iThemes Security Pro's WordPress two-factor authentication, users are required to enter both a password AND a secondary code sent to a mobile device such as a smartphone or tablet. Both the password and the code are required to successfully log in to a user account. Two-factor authentication adds an extra layer of WordPress security to verify it’s actually you logging in and not someone who gained access (or even guessed) your password.
The iThemes Security Pro plugin works with common two-factor authentication mobile apps such as Google Authenticator, Authy, FreeOTP and Toopher.
Time-sensitive codes are supplied via email to the email address associated with the user’s account.
Provides a set of one-time use codes that can be used to login in the event the primary two-factor method is lost.
Looking at your WordPress security log entries can be time-consuming and even difficult to understand. The new iThemes Security Dashboard brings your security logs to life by pulling together related entries and displaying it in a way that is relevant to you.
See an instant WordPress Security Grade Report on the security of your WordPress website. From the report, you can also make the recommended fixes so you can raise your grade and improve the overall security of your website.
iThemes Security takes several factors into consideration when issuing your security grade, including your software and security settings.
Understand the big picture of your WordPress site's security with an overall security grade.
See details on your software and settings along with action items to improve your grade.
Quickly view and resolve security issues in the order that will boost your grade the most.
More features are on the way to help you quickly understand security and resolve any issues.
Add security measures for unknown devices, along with Session Hijacking protection, to lock down your WordPress website and protect it from compromises to user logins.
User-level security is absolutely essential for protecting your WordPress sites. Poor security for just one WordPress user account can open up your entire building, or site, to vulnerabilities that lead to hacks.
Use iThemes Security Pro's WordPress User Security Check to assess the security of all your WordPress user accounts at one time and take action on them if needed.
Poor security for just one WordPress user account can open up your entire building, or site, to vulnerabilities that lead to hacks.
iThemes Security uses its own Site Scanner to power the WordPress malware scan feature within the plugin. The Site Scanner automatically checks for known malware and vulnerabilities, blacklist status, website errors and out-of-date software. With iThemes Security Pro, you can enable daily malware scanning and receive a notification email if a problem is found.
Outdated software — whether it’s WordPress, themes or plugins — puts your sites at risk because security vulnerabilities are often well known. iThemes Security Pro’s new Version Management option can automatically update to new versions of WordPress, themes and plugins, along with increase security measures when a site’s software is outdated.
iThemes Security will automatically enable stricter security when an update has not been installed for a month. Additionally, you can also check for other outdated WordPress installs on your hosting account.
Ideal for sites you don’t use frequently or sites that don’t have complex setups, which are often neglected and have a greater risk of having outdated software.
Passwords are a critical component of a solid WordPress security strategy. iThemes Security Pro makes it easier for you to enforce strong passwords, so you can have greater WordPress password security.
Use iThemes Security Pro's strong password enforcement settings to add a strong password generator to user profiles, enable password expirations and control the minimum user role for strong password roles.
Passwordless Login is a way to verify a user's identity without actually requiring a password to login. Passwordless login is both safe and simple, increasing the likelihood that the average person will secure their account.
Add passwordless logins to your WordPress site with the iThemes Security Pro plugin. The Passwordless Login method provided by iThemes Security Pro will send you an email with a "magic link," or a link that will log you into WordPress with a click of a button.
iThemes Sync offers a way to manage multiple WordPress sites from one place. Sync is also a secure way to remotely release iThemes Security lockouts and set Away Mode for your site.
iThemes Security Pro's Away Mode feature shuts off access to your site's dashboard. With Sync, you can turn Away Mode on or off remotely on any of your sites running iThemes Security Pro.
Using Sync, you can see the IP addresses for any locked out users. To release lockouts, just click the Release button. All without every having to log into your site.
We stand behind our product 100% with a 30-day refund policy.
Secure & protect
Secure & protect
Secure & protect
1 site ? Includes 1 bonus site license
for a total of 2 site licenses.
The bonus license can be used to license an additional website or for deployment/staging between two sites. You can also use the bonus site license for an additional site.