Today, we released a new feature in iThemes Security Pro (version 2.9.0+) that helps protect your sites against outdated software on your WordPress site, as well as other WordPress installs on your hosting account, called WordPress Version Management.
Outdated software — whether it’s WordPress, themes or plugins — puts your sites at risk because security vulnerabilities are often well known.
In fact, you can see a list of WordPress, theme and plugin vulnerabilities here.
WordPress Version Management in iThemes Security Pro
iThemes Security Pro’s new Version Management option can automatically update to new versions of WordPress, themes and plugins, along with increase security measures when a site’s software is outdated. Additionally, it can scan for other out of date WordPress sites that may be installed on your hosting account.
Two New Ways to Protect Your WordPress Sites
1. Automatic Updates for WordPress, Themes and Plugins
This option is ideal for sites you don’t use or engage with frequently or don’t have complex setups, like brochure sites, which are often neglected and thus have a greater risk of having outdated software.
WordPress update notice
- WordPress Automatic Updates – All WordPress updates are automatically installed when available. Currently, WordPress does not automatically update for major point releases, so for most default WordPress installs, you’re still required to manually make these updates.
- Plugin Automatic Updates – All plugin updates are automatically installed when available. Use this if you’ve got a set of plugins you trust from reputable sources and aren’t worried about rare compatibility conflicts.
- Theme Automatic Updates – All theme updates are automatically installed when available. Use this if you’ve put your theme customizations in a child theme, so as to not override your customizations by updating the parent theme.
2. Strengthening and Alerting to Critical Issues
- Strengthen Site When Running Outdated Software – iThemes Security will automatically enable stricter security when an update has not been installed for a month. This will harden your website security in a couple of key ways. First, it will force all users that do not have two-factor enabled to provide a login code sent to their email address before logging back in. Second, it will disable the WP File Editor (in order to block people from editing plugin or theme code), XML-RPC ping backs and block multiple authentication attempts per XML-RPC request (both of which will make XML-RPC stronger against attacks without having to completely turn it off).
- Scan for Other Old WordPress Sites – This will checks for other outdated WordPress installs on your hosting account. A single outdated WordPress site with a vulnerability could allow attackers to compromise all the other sites on the same hosting account.
- Send Email Notifications – An email is sent to admin-level users whenever issues that require user intervention occur.
How to Use WordPress Version Management in iThemes Security Pro
1. Make sure you’re running iThemes Security Pro 2.9.0 or higher.
2. Navigate to the iThemes Security Settings page. From here, navigate to the Version Management module.
Click the Configure Settings button.
3. From this screen, you can activate the Version Management features that would most benefit your setup.
4. Click Save Settings to confirm your changes and activate the WordPress version management features.
Keep Your WordPress Site Secure with WordPress Version Management, WordPress User Security Check, Two-Factor Authentication & More
Add an extra layer of protection to your WordPress site with the WordPress security plugin iThemes Security Pro. Along with WordPress Version Management, you also get two-factor authentication, scheduled WordPress malware scanning and much more.
Check out all the reasons to go Pro here.
This is an interesting feature. It would be WAY cooler if it actually scanned the database of known vulnerabilities against what you have installed and reported problems. Automatic updates are problematic, particularly theme updates, as they often break a site and need a lot of testing before deploying in production.