According to reliable sources, thousands of sites are hacked each day due to poor site security, especially sites that are hosted on WordPress and not managed properly. No doubt WordPress is the best among all CMSs (Content Management Systems) in the world and much more secure than the others, but it still needs some security configuration after installation. That is the point where WordPress plugins come in and solve our security issues, and the iThemes Security plugin is one of them.
In today's article, we will try to present an iThemes Security guide that helps you make your WP site secure and bulletproof. First of all, download and install the latest iThemes Security plugin (formerly known as Better WP Security) from wordpress.org. After installing and activating the iThemes Security plugin, go to the security plugin dashboard to set up the plugin's features.
iThemes Security Plugin Setting Guide
Those who have already installed the iThemes Security plugin on their site can just visit the Security > Settings page to configure site security and take the necessary steps to make the site bulletproof. Here is an overview of the settings:
1- Give Write Permission
2- Notification Email
In the second option, enter your email address to receive emails about security updates, such as brute force attacks.
3- Database Delivery Email
In the third box, enter the email address where you want to receive the backup of your complete database.
4- Host Lockout Message
Leave this option blank. However, you can display a host error message of your own if you want; the HTML tags a, strong, h1, h2, h3, h4, h5, h6, br, em and div can be used in the message.
5- User Lockout Message
Leave this option blank. However, you can display an invalid login attempts message in your own style; the HTML tags a, strong, h1, h2, h3, h4, h5, h6, br, em and div can be used in the message.
6- Community Lockout Message
Leave this option blank. However, you can display an error message if the iThemes Security system finds the user's IP to be a threat; the HTML tags a, strong, h1, h2, h3, h4, h5, h6, br, em and div can be used to style the message.
Leave the other options on the Global Settings page at their defaults; there is no need to touch anything.
404 Error Detection Setting
The 404 error detection feature monitors users who hit a large number of non-existent pages. Hackers sometimes try to find vulnerabilities by requesting a large number of non-existent pages, which return 404 errors. This feature protects your site from such suspicious activity and improves site security, so check this box and leave the other settings in this menu at their defaults.
If you update your site only once a week or once a month, then this option is for you. The away mode feature protects your site from unauthorized access. It restricts and disables admin access at specific times or dates, which reduces hacking attacks on your WP site.
This feature gives you the ability to block/ban hosts and user agents that are involved in illegal activities. Just check the HackRepair.com blacklist and Ban Users features, then enter the IP addresses or user agent values in the box, and the iThemes Security plugin will not give them access to your site.
Brute Force Protection
Brute force is the most common method used by hackers to hack sites. In a brute force attack, hackers make unlimited login attempts with different password combinations to access a WP site. With this option enabled, the security plugin will ban the user or host after 5, 10 or another specified number of failed login attempts.
I love this feature so much because if hackers hack me or the server crashes, then I can restore my site's database and bring it back to life with all my content and posts. This feature in iThemes Security can make database backups on a daily or weekly basis and can send them to you via email. Here is a list of some top database backup plugins.
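The 404 detection and brute force lockout rules described above both come down to counting events per host inside a time window. The sketch below is an added example, not the plugin's own code: it applies both rules to web server access log lines. The log format, the 404 limit, the 5-minute windows and the "POST to wp-login.php answered with 200 means a failed login" heuristic are assumptions; the limit of 5 failed logins is one of the values mentioned above.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Combined Log Format: ip - - [time] "METHOD path proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) ')
# Assumed limits (illustrative, not the plugin's defaults): (count, window).
RULES = {"404": (20, timedelta(minutes=5)),
         "failed_login": (5, timedelta(minutes=5))}

def classify(method, path, status):
    """Map one request to a rule name, or None if it is not of interest."""
    if status == 404:
        return "404"
    # Assumption: a failed WordPress login re-renders the form (200),
    # while a successful one redirects (302).
    is_login = path.split("?")[0].endswith("/wp-login.php")
    if method == "POST" and is_login and status == 200:
        return "failed_login"
    return None

def find_lockouts(lines, rules=RULES):
    """Return {(ip, rule): time at which the limit was first reached}."""
    recent = defaultdict(deque)  # (ip, rule) -> timestamps inside the window
    lockouts = {}
    for line in lines:  # assumes each host's lines arrive in time order
        m = LINE_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of aborting the scan
        ip, ts, method, path, status = m.groups()
        rule = classify(method, path, int(status))
        if rule is None or (ip, rule) in lockouts:
            continue
        when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
        limit, window = rules[rule]
        q = recent[(ip, rule)]
        q.append(when)
        while when - q[0] > window:
            q.popleft()  # forget events older than the window
        if len(q) >= limit:
            lockouts[(ip, rule)] = when
    return lockouts

def constructed_sample():
    """Constructed log: a path prober, a password guesser, a normal visitor."""
    fmt = '{} - - [10/Mar/2024:12:00:{:02d} +0000] "{} HTTP/1.1" {} 512'
    return ([fmt.format("203.0.113.7", i, f"GET /old-{i}.php", 404) for i in range(20)]
            + [fmt.format("198.51.100.9", i * 10, "POST /wp-login.php", 200) for i in range(5)]
            + [fmt.format("192.0.2.4", 30, "GET /missing.png", 404)])
```

Calling `find_lockouts(constructed_sample())` flags the two noisy hosts and leaves the visitor with a single 404 alone.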
File Change Detection
If your web server fails to protect you and hackers access your files and make changes to them, this feature warns you that someone has accessed your site and may have modified your core files.
Hide WordPress Login Area
I like this feature so much in iThemes Security: by hiding the login area you can reduce brute force attacks and control failed login attempts. This feature hides the login page (wp-login.php, wp-admin.php), making it harder to find. Just change the login slug under the 'Hide Login Area' tab and check the box 'Enable the hide backend' to use this wonderful feature.
The Malware Scanning feature will scan your whole site via VirusTotal.com. Before you use it, you need to sign up there. Don't worry, it's totally free.
Secure Socket Layers (SSL)
If SSL is enabled on your site, then just enable this feature for the login and dashboard URLs to browse securely.
Under this menu, check the 'Enable strong password enforcement' feature and select the desired role to enforce it for.
This feature is packed with different tools, and all you need to do is check all the sections under the System Tweaks tab, such as files, disable directory browsing, filter all requests, Long URL Strings, Suspicious Query Strings, Non-English Characters, File Writing Permissions and the Uploads section.
Check all the sections under WP Tweaks, such as Generator Meta Tag, EditURI Header, Windows Live Writer Header, Display Random Version, Comment Spam, XML-RPC, File Editor, Login Error Messages, Replace jQuery With a Safe Version and the other options in WordPress Tweaks.
We hope this complete iThemes Security plugin guide helps you understand the plugin better and plays a fabulous role in protecting your site from hackers and crackers.