Home / Wordpress / Secure WordPress Using iThemes Security – Plugin Guide

Secure WordPress Using iThemes Security – Plugin Guide

According to the reliable resources thousand of sites are hacked each day due to the poor site security. Specially those sites who are hosted their website on WordPress and not manage properly. No doubt WordPress is the best, among all CMS (Content Management System) in the world and much secure than other but but it still need some security configuration after installing the WordPress and that’s the point where WordPress plugins comes and solve our security issues and iThemes Security Plugin is one of them.

In today’s article, we will trying to explain a best iThemes Security guide which helps you to make your wp site secure and bulletproof. First of all download and install latest iThemes Security Plugin(formerly known as Better WP Security) from wordpress.org. After installing and activating the iThemes Security plugin go to security plugin dashboard hai setting up plugin feature.

iThemes Security Plugin Setting Guide

Those who already installed iThemes Security Plugin on their site just visit Security > Settings page to configure site security and take necessary steps to make site bulletproof. Here is settings overview guide…

Global Settings

1- Give Write Permission

2- Notification Email

On second option enter your email address to receive emails about security updates such as brute force attacks.

3- Database Delivery Email

On third box enter your email address where you want to receive backup of your complete database.

4- Host Lockout Message

Leave this option as blank however, you can display a host error message as you want html tags such as a, strong, h1, h2, h3, h4, h5, h6, br, em, div tags can be use to display message.

5- User Lockout Message

Leave this option as blank however, you can display invalid login attempts message in your style html tags such as a, strong, h1, h2, h3, h4, h5, h6, br, em, div tags can be use to display message.

6- Community Lockout Message

Leave this option as blank however, you can display error message if iThemes Security system found user IP as threat. However you can display message in your style html tags such as a, strong, h1, h2, h3, h4, h5, h6, br, em, div tags can be use to display message.

Other options under Global Settings page leave as default and no need to touch anything…

404 Error Detection Setting

404 error detection feature monitor those users who browse/hit large number of non-existent pages. Sometimes hackers try to find vulnerabilities by hitting the large number of 404 non-existent pages. This feature protects your site from such suspicious activities and improve the site security so check this box and leave as default other settings on this menu.

Away Mode

If you update your site once a week or month than this option is for you. Basically away mode feature protect your site from unauthorize access. The options restrict and disable admin access to specific time or date, which is so beneficial and reduce the hacking attacks on your wp site.

Banned Users

This feature gives you ability to block/ban such hosts and user agents, who are involve in illegal activities. Just check HackRepair.com’s blacklist and Ban user feature and then Just enter IP address or user agents value in box and iThemes Security plugin will not give them access to your site.

Brute Force Protection

Brute Force is the most common method used by hackers to hack sites. In brute force attack hackers do unlimited login attempts with different password combinations to access wp site. By enabling this option this security plugin will ban the user or host after 5, 10 or specific failed login attempts.

Database Backup

I love this feature so much because if hackers hacked me or server crash then i can restore my site’s database and make it alive again with all my contents and posts. This feature in iThemes Security can make database backup in daily or weekly basis and can send you via email. Here are some top database backup plugins list.

File Change Detection

If your web server failed to secure you and hackers access your files and make some changes on it. This feature warn you that someone access your site and can modify your core files.

Hide WordPress Login Area

I like this feature so much in iThemes Security by hiding the login area you can reduce brute force attack and control failed login attempts. This feature Hides login page (wp-login.php, wp-admin.php) and making it harder to find. Just change login slug under ‘Hide Login Area’ Tab and check the box ‘Enable the hide backend’ to use this wonderful feature.

Malware Scanning

Malware Scanning feature will scan all your site via VirusTotal.com before you use it you need to signup on it… Don’t Worry Its Totally Free

Secure Socket Layers (SSL)

If SSL is enable in your site then just enable this feature for Login and Dashboard URLs to browse securely.

Strong Passwords

Under this menu and Check ‘Enable strong password enforcement’ feature and select the desired roll to enforce it.

System Tweaks

This feature is packed up with different tools and and you need to do is that check all the sections under System Tweaks Tab such as files, disable directory browsing, filter all request, Long URL Strings, Suspicious Query Strings, Non-English Characters,, File Writing Permissions, Uploads section.

WordPress Tweaks

Check all the sections under WP Tweaks sections such as Generator Meta Tag, EditURI Header, Windows Live Writer Header, Display Random Version, Comment Spam, XML-RPC, File Editor, Login Error Messages, Replace jQuery With a Safe Version and other options in WordPress Tweaks…

We hope this complete post about iThemes Security Plugin Guide helps you to know better way and will perform a fabulous role to protect your site from hackers and crackers.




About tahir

Muhammad Tahir lives in Lahore, Pakistan. Loves to read and write articles about tech and web resources online.

Check Also

Reset WordPress Password using Email, FTP, Emergency Script

In our previous tutorial we showed you how to reset admin password using the phpMyAdmin …

How to Reset WordPress Password using phpMyAdmin

In our previous tutorial we showed you 3 different ways to reset WordPress password but today …

Automatically Share Old WordPress Posts to Social Media

Nowadays social media platforms are the biggest traffic referral source, which peoples use to gain …

5 Best Contact Form Plugins for WordPress

Contact form helps your readers to contact with you.There are 1600+ Contact Form Plugins available to …

Best Free Dropbox Plugins for WordPress

Dropbox is one of the most well-known company, which provide free cloud storage to their …