Plug in Introduction
Plug in features: (Pro) refers to the function only available in the paid version.
Multilayer secure WordPress login protection
-
Dual authentication (2FA) – By requiring users to enter a security code and password to log in, authentication methods such as Authy and Google Authenticator are supported. -
Password requirements – Create and enforce password policies for your users in less than a minute. -
ReCAPTCHA (Pro) – Prevent malicious robots from abusing your website, such as trying to use leaked passwords to invade your website, publish spam, or even crawl your content. -
Password free login (Pro) – Protect your user account with 2fa and a strong password, while allowing real users to log in with a click of the mouse. -
Trusted Device (Pro) – Identifies the device that you and other users use to prevent session hijacking attacks and limit administrator privileges to trusted devices.
Provide different security levels for different types of user levels
-
For customers – assuming you configure iThemes security on the customer's website, you will decide whether they need to use dual authentication and whether they should have access to iThemes security settings. -
For customers – if you have an e-commerce website, you will decide whether to use a password policy to protect customer accounts.
By locking and blocking malicious robots or user agents
-
Prohibit Users – Permanently prevent repeat offenders from accessing your website. -
Strong local protection – automatically identify and block the most common attacks on WordPress websites. -
Strong network protection – this network is an iThemes security community with more than one million websites. If anyone tries to break into the websites in the iThemes Security community, iThemes Security will stop them through the network. -
Magic Links (Pro) – Magic Links allows you to log in to your WordPress site when your user name is locked by the iThemes Security Local Brute Force Protection function.
Monitor the security health of the site
-
File change detection – iThemes Security records changes to your website, which helps detect malicious activity on your website. -
Site Scanner – Check WordPress core files, plug-ins and themes twice a day for known vulnerabilities. Using the Google Secure Browsing API, Site Scan will also check the status of your Google blacklist. If Google finds any malware on your website, it will remind you. -
Site Scanner (Pro) – Unlock version management to automatically apply patches to vulnerable software detected by site scanning (if available). -
User log (professional version) - record user activities in your WordPress security log, including login/logout, user registration, add/delete plug-ins, switch themes, change posts and pages, etc. -
Version Management (Pro) – The version management feature in iThemes Security Pro allows you to automatically update WordPress, plug-ins, and themes. In addition, version management can strengthen your website when you run outdated software and scan old websites.
Website Security Utility
-
Enforce SSL – Force all connections to the website through SSL/TLS. -
Database backup – Create a backup of the WordPress database. (Not a full backup.) -
Geographic Location (Pro) – Improve trusted devices by connecting to external locations or mapping APIs.
Advanced security tools
-
Identify server IP – Prevent problems caused by unintentional locking of server IP. -
Change User ID 1 – Change the user ID of the first WordPress user. -
Change Database Prefix – Change the database prefix used by WordPress. -
Check file permissions – View file and directory permissions in key areas of your site. -
Server Configuration Rules – View or refresh the server security rules generated by iThemes Security. -
Wp-config.php rule – View or refresh the wp-config.php security rule generated by iThemes Security. -
Change WordPress salt – Protect your website by changing the WordPress salt used to protect cookies and security tokens after a successful attack. -
Hide Login URL – Hiding backend settings can change the login URL of your website.