Menu
iThemes
WordPress Security, Backups & Maintenance
  • Products
    • iThemes Security Pro
    • BackupBuddy
    • iThemes Sync
    • Why buy from iThemes?
  • Bundles
    • Essentials Bundle
    • Solid Foundations
    • Customer Spotlights
  • Resources
    • Blog
    • WordPress 101 Tutorials
    • WordPress Ebooks
    • Weekly WordPress Vulnerability Report
    • The Ultimate Guide to Starting a Web Design Business
  • Training
    • Upcoming Webinars
    • Free Webinar Library
    • Premium Courses
    • Become a Member
    • Member Login
  • Support
    • Documentation
    • Get Help
    • Product Updates
    • Upgrade Policy
    • Contact
    • Our Mission: Make People’s Lives Awesome
  • Log In

iThemes Security Pro Features

Features
Weekly WP Vulnerability Report
Support
Buy Now

Powerful Tools that Secure & Protect WordPress Without Impacting Performance

Don’t sacrifice site performance for security. iThemes Security protects WordPress while preserving site resources for customers & conversions.

Buy iThemes Security Pro

Site Scanner with Automatic Vulnerability Patching

Scans your website for multiple types of vulnerabilities.

  • Checks for known malware, blacklist status, and site errors.
  • Scans for vulnerable versions of WordPress plugins, themes, and core.
  • Automatically updates plugins, themes, and WordPress core if a vulnerability is found.
Learn more

Trusted Devices
with Session Hijacking Protection

Stops session hijackers and bad actors by allowing you to identify the devices used to login to your website.

  • Allow admin users to approve the devices they frequently use to log in to the site.
  • Blocks admin user logins from unrecognized devices by restricting admin capabilities.
  • Sends email notifications if a user logs in from an unrecognized device.
Learn more

NEW! Intelligent Settings Import/Export

Quickly export your perfect iThemes Security configuration to a new or existing WordPress site.

  • Perfect for client sites! Speeds up iThemes Security setup across multiple sites. 
  • Control what is included in the settings export, including banned IPs, user groups, and dashboard setup.
  • Connect directly to another site to copy the security configuration.
Learn more

Two-Factor Authentication

Secures user accounts by requiring both a password and secondary code sent to a device to login.

  • Adds two-factor authentication to the WordPress admin login.
  • Supports common two-factor mobile apps such as Google Authenticator, Authy, FreeOTP, and Toopher.
  • Supports additional methods like email and backup codes.
  • Control by user groups.
  • Users can configure on their User profile page.
Learn more

Passwordless Logins

A new way to verify a user’s identity without requiring a password to login.

  • Adds more brute force protection by bypassing the normal WordPress login method.
  • Allows users to login to your website directly from a link sent securely to their email address.
  • Helps reduce login friction by removing the need for complicated passwords or two-factor codes while maintaining a high level of security.
Learn more

Breached Password Protection

Integrates with the Have I Been Pwned database to detect whether user passwords have appeared in a data breach.

  • Requires users to use passwords that do not appear in any password breaches deleted by Have I Been Pwned.
  • Strengthen passwords on the site with automated password expiration.
  • Forces users to use strong passwords as rated by the WordPress password meter.
Learn more

Brute Force Protection

Secures and protects the most attacked part of your website, the WordPress login screen, by stopping brute force attacks.

  • Monitors invalid login attempts made to your website to watch for potential brute force attacks.
  • Once an IP or username has made too many consecutive invalid login attempts, they will get locked out and will be prevented from making any more attempts for a set period of time.
  • Uses two types of protection: local and network brute force protection.
Learn more

File Change Detection

Intelligently scans your website’s files and alerts you when changes occur that may indicate a security breach.

  • File changes can indicate a security breach or hack, so it’s important to know when changes happen.
  • Helps reduce the time it takes to detect a security breach.
  • Alerts you of file changes with an email notification alert.
  • Intelligently identifies legitimate file changes to reduce false positives.
Learn more

Bot Traffic Protection with reCAPTCHA

Integrates with Google reCAPTCHA to detect and block abusive bot traffic on your website.

  • Helps keep bad bots from attempting to break into your website using compromised passwords, posting spam, and scraping  content.
  • Enable reCAPTCHA for new user registration, reset password, login, and comments.
  • Supports Google reCAPTCHA v2, invisible and v3 (recommended).
Learn more

Magic Links

Helps make sure bad actors and bots are locked out, but real users can log in.

  • Real users can potentially get locked out if a brute force attack occurs with their username.
  • Magic links allow users to bypass lockouts of their username by the iThemes Security Brute Force Protection Network.
  • Eliminates the need for a website admin to release a user’s lockout before they can login.
Learn more

User Security Check

Quickly audit and modify the five most critical elements of your user’s security.

  • Helps protect against vulnerabilities related to poor passwords and security practices for Administrator or Editor users.
  • For each user on your site, view two-factor authentication status, password age and strength, last time active, active WordPress sessions, and user role.
Learn more

Temporary Privilege Escalation

A safe, secure way to add temporary admin access to your website.

  • Makes it easy and safe to grant temporary admin access to outside contractors and support technicians.
  • Allows you to grant a user extra capabilities for a specified amount of time.
  • No need to create a new users every time you need to grant access to your website.
Learn more

WordPress Security Logs

Helps keep track of important security events on your website.

  • Monitors activity on your site you may not be aware is happening.
  • Can help alert you of a security breach and aide in the repair of a hacked site.
  • Tracks brute force attacks, file changes, site scans, and user activity.
  • Monitors logins,user creation, adding/removing plugins, switching themes, and changes to posts/pages.
Learn more

WordPress Security Dashboard

Allows you to see data from your WordPress security logs in charts and graphs.

  • Organize all your security activity in a more digestible way.
  • Security Cards break the info from the logs down to easy to consume bite-sized nuggets of data.
  • Quickly take actions such as force password change for all users, send two-factor reminders, and force logouts.
Learn more

Version Management

Allows you to auto-update WordPress core, plugins, and themes with granular control.

  • Makes it easy and safe to grant temporary admin access to outside contractors and support technicians.
  • Allows you to grant a user extra capabilities for a specified amount of time.
  • No need to create a new users every time you need to grant access to your website.
Learn more

WordPress Tweaks

A set of advanced tools specifically designed to harden some potential soft spots in WordPress.

  • Increase the security of your website by removing the ability to edit files from the WordPress dashboard and limiting how APIs and users access your site.
  • Includes the option to hide login/hide backend.
Learn more

User Groups

Control which security settings are applied to groups of users.

  • By default, users will be grouped by their WordPress capabilities.
  • Gives you the confidence you are applying the right level of security to the right users.
  • Easily create custom user groups (great for clients!) for applying website security measures.
Learn more

Premium Support

Get private, ticketed support with all iThemes Security Pro plans.

  • Our team of WordPress experts have been called “the friendliest support team in the WordPress world.”
  • Most tickets are solved within 1 hour.
  • All premium support tickets are managed through the iThemes Help Desk for privacy and security.
Learn more

Get Started with iThemes Security Pro Today

(YOU’LL BE GLAD YOU DID!)

All iThemes Security Pro plans come with a 30-day money-back guarantee.

We stand behind our product 100% – see our refund policy

Basic

$80

/ per year

1 Secure Sites**

Basic Plan includes:

All Pro Features, forever

Private, ticketed email support

Plugin updates*

Buy Now

Plus

$127

/ per year

10 Secure Sites

Plus Plan includes:

All Pro Features, forever

Private, ticketed email support

Plugin updates*

Buy Now

Agency

$199

/ per year

Unlimited Secure Sites

Basic Plan includes:

All Pro Features, forever

Private, ticketed email support

Plugin updates*

Buy Now

Agency

$199

/ per year

Unlimited Sites

Basic Plan includes:

All Pro Features

Private, ticketed email support

Plugin updates*

Buy Now

Bundle and save with the Plugin Suite

Plugin Suite

$499

/ per year

Unlimited Sites

Plus Plan includes:

iThemes Security Pro Agency ($199)

BackupBuddy Agency ($199)

Restrict Content Pro Professional with 34 Pro Add-ons ($249)

Private, ticketed email support

Plugin updates*

Buy Now

Bundle and save with the Plugin Suite

Plugin Suite

$499

/ per year

Unlimited Sites

Plus Plan includes:

iThemes Security Pro Agency ($199)

BackupBuddy Agency ($199)

Restrict Content Pro Professional with 34 Pro Add-ons ($249)

Private, ticketed email support

Plugin updates*

Buy Now

* Plugin updates and email support are provided for the duration of your current subscription. All purchases are subject to our terms of use.
** 1-site plan includes an additional site license for a total of two site licenses for staging and/or development purposes.

The Latest WordPress Security News

NEWS & UPDATES FROM OUR TEAM OF WORDPRESS SECURITY EXPERTS

A computer riddled with security issue alerts. There is a large, orange shield with a slash in the middle of the screen. Surrounding it are a red target, a green skull and crossbones, an orange “bug”, a triangle with an explanation point in the middle and a gray gear.

WordPress Vulnerability Report – September 20, 2023

WordPress vulnerability report

WordPress Vulnerability Report – September 13, 2023

WordPress Vulnerability Report

WordPress Vulnerability Report – September 6, 2023

READ MORE POSTS ABOUT WORDPRESS SECURITY

FAQ

After you purchase iThemes Security Pro, you will get an email confirmation with a link to login to the iThemes Member Panel, where you can download your iThemes Security Pro plugin zip file. Use the same username and password you used to complete your purchase to log in to the iThemes Member Panel. From the iThemes Member Panel, navigate to the Downloads page to download the zip file of the plugin. Watch the tutorial. (If you have questions about your purchase, you can always contact us directly.)

Once you’ve downloaded your iThemes Security Pro plugin zip file, follow the standard WordPress plugin installation methods to upload and activate iThemes Security Pro on your WordPress site. For more instructions on downloading and installing iThemes Security Pro, check out this tutorial on installing downloaded plugins. Once you’ve installed iThemes Security Pro, make sure to license the plugin for automatic updates. Next up, follow the plugin’s setup menu to activate the recommended security features.

Your iThemes Security Pro purchase includes a one-year membership subscription to updates and support for the plugin. Your iThemes Security Pro membership includes immediate access to all new versions and features released for iThemes Security Pro during your subscription year, plus ticketed support from the iThemes Help Desk. The membership model is the best way we can provide top-tier support and maintain iThemes Security Pro to guard your site against the latest forms of attacks. After the one-year mark, iThemes Security Pro is still yours to use and keep, but we recommend renewing your iThemes Security Pro subscription to have continued access to updates and new features that are designed for the latest security trends and threats.

We offer a 30-day refund policy. We firmly believe in and stand behind our products 100%, but we understand that they cannot work for everyone all of the time. If you would like to request a refund, please open a “Pre-Sales and Account Services” support ticket. When requesting a refund, we respectfully ask that you meet the following refund policy conditions.

Support for current iThemes Security Pro customers is available from the iThemes Help Desk. If you have questions or need help with iThemes Security Pro, please let us know. Our team of moderators actively respond to support requests (typically within one business day) during normal business hours, Monday – Friday, 8am – 5pm (CST). We also have extensive iThemes Security Pro documentation.

With so many great options out there, iThemes Security Pro stands out from the crowd. Here are comparison guides for iThemes Security vs Wordfence, iThemes Security vs Sucuri, iThemes Security vs Jetpack, iThemes Security vs Malcare, and finally iThemes Security vs All in One WP Security.

Upgrading from the free version of the plugin to Pro is easy! After your purchase, you’ll receive an email with instructions on how to download iThemes Security Pro from the iThemes Member Panel. Install/activate Pro on your WordPress site, then deactivate/delete the free version. All of your settings will be preserved.

One of the best security practices for a WordPress site owner is keeping software up to date. Because of this, we only test this plugin on the latest stable version of WordPress and will only guarantee it works in the latest version.

Yes. We’re in the process of developing more documentation, so we’ll update this as soon as it’s ready.

Of course! We are in constant need of testers. In addition, we can always use help with translations for internationalization. For more information on contributing to iThemes Security, visit this page.

iThemes Security requires Apache or LiteSpeed and mod_rewrite or NGINX to work. While this security plugin should work on all hosts with Apache or LiteSpeed and mod_rewrite or NGINX, it has been known to experience problems in shared hosting environments where it runs out of resources such as available CPU or RAM. For this reason, it is extremely important that you make a backup of your site before installing on any existing site. If you run out of resources during an operation such as renaming your database table, you may need your backup to be able to restore access to your site. Finally, please make sure you have adequate RAM if you plan to use the file change detector or make large backups.

We have addition FAQs for iThemes Security Pro here. We’re also always standing by to help with your pre-sales questions if you want to contact us. For questions related to iThemes Security Pro after you have made your purchase, you can create a support ticket here.

No. iThemes Security is designed to help improve the security of your WordPress installation from many common attack methods, but it cannot prevent every possible attack. Nothing replaces diligence and implementing the WordPress security best practices. This plugin makes it a little easier for you to apply both.

Get updates on new themes & plugins plus special discounts

About iThemes

  • Contact Us
  • Website Accessibility Statement
  • Sitemap

Resources

  • Blog
  • Documentation
  • WordPress Tutorials
  • Free WordPress Ebooks
  • Free Webinar Library
  • Free Upcoming Webinars
  • iThemes Training
  • Affiliates

Customers

  • Member Panel Login
  • Support
  • FAQs
  • Upgrade Policy
  • Licensing
  • Terms and Conditions
  • Refund Policy

Top Products

  • BackupBuddy
  • iThemes Security Pro
  • iThemes Sync
  • Restrict Content Pro
  • WPComplete
  • WordPress Plugins
  • Content Upgrades
  • WordPress Landing Page Plugin
  • BackupBuddy Stash

iThemes Media LLC Copyright © 2023 All rights reserved | Privacy Policy

A Liquid Web Brand © 2022 All Rights Reserved.

Get the Weekly WordPress Vulnerability Report

Vulnerable WordPress plugins and themes are the #1 reason WordPress sites get hacked, but keeping track of every new plugin and theme vulnerability is hard work. Get the weekly WordPress Vulnerability Report delivered right to your inbox to help keep your website secure.

Get the Report

iThemes is Becoming SolidWP

We have been working hard for almost a year to bring you incredible new features in the form of our new and improved brand: SolidWP. Discover what’s new!

Learn more
Copy link
CopyCopied
Powered by Social Snap