Menu
iThemes
WordPress Security, Backups & Maintenance

Why Go Pro?

Unlock even more features to secure your WordPress site

iThemes Security Pro adds additional layers of protection for your WordPress website you can’t get anywhere else.

Buy iThemes Security Pro
Getting Started with iThemes Security

Top-Notch Security with Affordable Pricing

Choose the plan that’s right for you!

All iThemes purchases include a 30-day money-back guarantee.

Basic

$99

1 Secure Site**

Basic Plan includes:

All Pro Features

Private, ticketed email support

Plugin updates*

Buy Now

Plus

$199

5 Secure Sites

Plus Plan includes:

All Pro Features

Private, ticketed email support

Plugin updates*

Buy Now

Agency

$299

10 Secure Sites

Agency Plan includes:

All Pro Features

Private, ticketed email support

Plugin updates*

Buy Now
The iThemes Security Pro plugin is one of the most robust security plugins available in the WordPress ecosystem. Whether you have a current security threat or are just a smart WordPress user who wants to proactively defend their website, this plugin has all the bells and whistles to stop hackers, spam and malware in their tracks.
Alec Wines
Head of Marketing,
WPBuffs.com
My company has been building websites for 23 years. When we discovered iThemes Security Pro, it solved so many daily problems that we were “hooked.” My team sleeps better at night knowing that hackers are thwarted. Plus, they have the friendliest support team we’ve encountered in our WordPress world!
Sue Polinsky
President,
Getmeonline.today

Scan for the #1 reason WordPress sites get hacked: vulnerable plugins and themes.

iThemes Security Pro protects your site from running plugins and themes with known vulnerabilities so no known exploits can be targeted to hack into your website.

  • Site Scan for Plugin and Theme Vulnerabilities
  • Weekly WordPress Vulnerability Report
  • Version Management
WordPress vulnerabilities
Buy iThemes Security for $99
iThemes Security vs Sucuri
Buy iThemes Security for $99

Monitor for suspicious activity that can indicate a hack or breach.

Hackers purposefully target sites running on the WordPress platform at an extremely alarming rate. In fact, it’s estimated that nearly 91,000 hacking attacks happen on WordPress-powered sites every single minute of the day. That’s why the iThemes Security plugin keeps track of suspicious activity to help you keep track.

  • Real-time website security dashboard that tracks activity
  • File Change Detection
  • User Logging
  • Site lockout email notifications

Secure the most vulnerable parts of your WordPress website, like your login page.

iThemes Security Pro offers several features designed to protect your WordPress login in ways that make it much harder for hackers and bad bots to gain entry to your website.

  • Brute Force Protection
  • Two-factor Authentication
  • Magic login links & passkeys
  • Refuse compromised passwords
  • reCAPTCHA
secure WordPress login
Buy iThemes Security for $99

iThemes Security PRO Exclusive Features

iThemes Security Pro strives to be the premiere WordPress security plugin. Below you can see some of the features that make thousands of websites entrust their business with iThemes Security Pro.

Site Scanner with Automatic Vulnerability Patching

Scans your website for multiple types of vulnerabilities.

  • Checks for known malware, blacklist status, and site errors.
  • Scans for vulnerable versions of WordPress plugins, themes, and core.
  • Automatically updates plugins, themes, and WordPress core if a vulnerability is found.

Trusted Devices
with Session Hijacking Protection

Stops session hijackers and bad actors by allowing you to identify the devices used to login to your website.

  • Allow admin users to approve the devices they frequently use to log in to the site.
  • Blocks admin user logins from unrecognized devices by restricting admin capabilities.
  • Sends email notifications if a user logs in from an unrecognized device.

NEW! Intelligent Settings Import/Export

Quickly export your perfect iThemes Security configuration to a new or existing WordPress site.

  • Perfect for client sites! Speeds up iThemes Security setup across multiple sites. 
  • Control what is included in the settings export, including banned IPs, user groups, and dashboard setup.
  • Connect directly to another site to copy the security configuration.

Two-Factor Authentication

Secures user accounts by requiring both a password and secondary code sent to a device to login.

  • Adds two-factor authentication to the WordPress admin login.
  • Supports common two-factor mobile apps such as Google Authenticator, Authy, FreeOTP, and Toopher.
  • Supports additional methods like email and backup codes.
  • Control by user groups.
  • Users can configure on their User profile page.

Passwordless Logins

A new way to verify a user’s identity without requiring a password to login.

  • Adds more brute force protection by bypassing the normal WordPress login method.
  • Allows users to login to your website either with state-of-the-art passkeys or directly from a link sent securely to their email address.
  • Helps reduce login friction by removing the need for complicated passwords or two-factor codes while maintaining a high level of security.

Breached Password Protection

Integrates with the Have I Been Pwned database to detect whether user passwords have appeared in a data breach.

  • Requires users to use passwords that do not appear in any password breaches deleted by Have I Been Pwned.
  • Strengthen passwords on the site with automated password expiration.
  • Forces users to use strong passwords as rated by the WordPress password meter.

Brute Force Protection

Secures and protects the most attacked part of your website, the WordPress login screen by stopping brute force attacks.

  • Monitors invalid login attempts made to your website to watch for potential brute force attacks.
  • Once an IP or username has made too many consecutive invalid login attempts, they will get locked out and will be prevented from making any more attempts for a set period of time.
  • Uses two types of protection: local and network brute force protection.

File Change Detection

Intelligently scans your website’s files and alerts you when changes occur that may indicate a security breach.

  • File changes can indicate a security breach or hack, so it’s important to know when changes happen.
  • Helps reduce the time it takes to detect a security breach.
  • Alerts you of file changes with an email notification alert.
  • Intelligently identifies legitimate file changes to reduce false positives.

Bot Traffic Protection with reCAPTCHA

Integrates with Google reCAPTCHA to detect and block abusive bot traffic on your website.

  • Helps keep bad bots from attempting to break into your website using compromised passwords, posting spam, and scraping  content.
  • Enable reCAPTCHA for new user registration, reset password, login, and comments.
  • Supports Google reCAPTCHA v2, invisible and v3 (recommended).

Magic Links

Helps make sure bad actors and bots are locked out, but real users can log in.

  • Real users can potentially get locked out if a brute force attack occurs with their username.
  • Magic links allow users to bypass lockouts of their username by the iThemes Security Brute Force Protection Network.
  • Eliminates the need for a website admin to release a user’s lockout before they can login.

User Security Check

Quickly audit and modify the five most critical elements of your user’s security.

  • Helps protect against vulnerabilities related to poor passwords and security practices for Administrator or Editor users.
  • For each user on your site, view two-factor authentication status, password age and strength, last time active, active WordPress sessions, and user role.

Temporary Privilege Escalation

A safe, secure way to add temporary admin access to your website.

  • Makes it easy and safe to grant temporary admin access to outside contractors and support technicians.
  • Allows you to grant a user extra capabilities for a specified amount of time.
  • No need to create a new users every time you need to grant access to your website.

WordPress Security Logs

Helps keep track of important security events on your website.

  • Monitors activity on your site you may not be aware is happening.
  • Can help alert you of a security breach and aide in the repair of a hacked site.
  • Tracks brute force attacks, file changes, site scans, and user activity.
  • Monitors logins,user creation, adding/removing plugins, switching themes, and changes to posts/pages.

WordPress Security Dashboard

Allows you to see data from your WordPress security logs in charts and graphs.

  • Organize all your security activity in a more digestible way.
  • Security Cards break the info from the logs down to easy to consume bite-sized nuggets of data.
  • Quickly take actions such as force password change for all users, send two-factor reminders, and force logouts.

Version Management

Allows you to auto-update WordPress core, plugins, and themes with granular control.

  • Makes it easy and safe to grant temporary admin access to outside contractors and support technicians.
  • Allows you to grant a user extra capabilities for a specified amount of time.
  • No need to create a new users every time you need to grant access to your website.

WordPress Tweaks

A set of advanced tools specifically designed to harden some potential soft spots in WordPress.

  • Increase the security of your website by removing the ability to edit files from the WordPress dashboard and limiting how APIs and users access your site.
  • Includes the option to hide login/hide backend.

User Groups

Control which security settings are applied to groups of users.

  • By default, users will be grouped by their WordPress capabilities.
  • Gives you the confidence you are applying the right level of security to the right users.
  • Easily create custom user groups (great for clients!) for applying website security measures.

Premium Support

Get private, ticketed support with all iThemes Security Pro plans.

  • Our team of WordPress experts have been called “the friendliest support team in the WordPress world.”
  • Most tickets are solved within 1 hour.
  • All premium support tickets are managed through the iThemes Help Desk for privacy and security.

FAQ

After you purchase iThemes Security Pro, you will get an email confirmation with a link to login to the iThemes Member Panel, where you can download your iThemes Security Pro plugin zip file. Use the same username and password you used to complete your purchase to log in to the iThemes Member Panel. From the iThemes Member Panel, navigate to the Downloads page to download the zip file of the plugin. Watch the tutorial. (If you have questions about your purchase, you can always contact us directly.)

Once you’ve downloaded your iThemes Security Pro plugin zip file, follow the standard WordPress plugin installation methods to upload and activate iThemes Security Pro on your WordPress site. For more instructions on downloading and installing iThemes Security Pro, check out this tutorial on installing downloaded plugins. Once you’ve installed iThemes Security Pro, make sure to license the plugin for automatic updates. Next up, follow the plugin’s setup menu to activate the recommended security features.

Your iThemes Security Pro purchase includes a one-year membership subscription to updates and support for the plugin. Your iThemes Security Pro membership includes immediate access to all new versions and features released for iThemes Security Pro during your subscription year, plus ticketed support from the iThemes Help Desk. The membership model is the best way we can provide top-tier support and maintain iThemes Security Pro to guard your site against the latest forms of attacks. After the one-year mark, iThemes Security Pro is still yours to use and keep, but we recommend renewing your iThemes Security Pro subscription to have continued access to updates and new features that are designed for the latest security trends and threats.

We offer a 30-day refund policy. We firmly believe in and stand behind our products 100%, but we understand that they cannot work for everyone all of the time. If you would like to request a refund, please open a “Pre-Sales and Account Services” support ticket. When requesting a refund, we respectfully ask that you meet the following refund policy conditions.

Support for current iThemes Security Pro customers is available from the iThemes Help Desk. If you have questions or need help with iThemes Security Pro, please let us know. Our team of moderators actively respond to support requests (typically within one business day) during normal business hours, Monday – Friday, 8am – 5pm (CST). We also have extensive iThemes Security Pro documentation.

With so many great options out there, iThemes Security Pro stands out from the crowd. Here are comparison guides for iThemes Security vs WordfenceiThemes Security vs SucuriiThemes Security vs JetpackiThemes Security vs Malcare, and finally iThemes Security vs All in One WP Security.

Upgrading from the free version of the plugin to Pro is easy! After your purchase, you’ll receive an email with instructions on how to download iThemes Security Pro from the iThemes Member Panel. Install/activate Pro on your WordPress site, then deactivate/delete the free version. All of your settings will be preserved.

One of the best security practices for a WordPress site owner is keeping software up to date. Because of this, we only test this plugin on the latest stable version of WordPress and will only guarantee it works in the latest version.

Yes. We’re in the process of developing more documentation, so we’ll update this as soon as it’s ready.

Of course! We are in constant need of testers. In addition, we can always use help with translations for internationalization. For more information on contributing to iThemes Security, visit this page.

iThemes Security requires Apache or LiteSpeed and mod_rewrite or NGINX to work. While this security plugin should work on all hosts with Apache or LiteSpeed and mod_rewrite or NGINX, it has been known to experience problems in shared hosting environments where it runs out of resources such as available CPU or RAM. For this reason, it is extremely important that you make a backup of your site before installing on any existing site. If you run out of resources during an operation such as renaming your database table, you may need your backup to be able to restore access to your site. Finally, please make sure you have adequate RAM if you plan to use the file change detector or make large backups.

We have addition FAQs for iThemes Security Pro here. We’re also always standing by to help with your pre-sales questions if you want to contact us. For questions related to iThemes Security Pro after you have made your purchase, you can create a support ticket here.

No. iThemes Security is designed to help improve the security of your WordPress installation from many common attack methods, but it cannot prevent every possible attack. Nothing replaces diligence and implementing the WordPress security best practices. This plugin makes it a little easier for you to apply both.

Copy link
CopyCopied
Powered by Social Snap