WORDPRESS LOGIN SECURITY
Secure your WordPress login with several layers of security- Two-Factor Authentication (2FA) – Make your WordPress login nearly impenetrable to attack by requiring users to enter a security code along with a password to login. The iThemes Security plugin allows you to add two-factor authentication to your WordPress login with several authentication methods, including mobile apps like Authy and Google Authenticator, email, and backup codes.
- Password Requirements – Create and enforce a password policy for your users in less than a minute.
- reCAPTCHA (Pro) – Stop bad bots from engaging in abusive activities on your website, such as attempting to break into your website using compromised passwords, posting spam, or even scraping your content.
- Passwordless Logins (Pro) – WordPress security made easy. Secure your user accounts with 2fa & strong passwords while allowing real users login with a click of a mouse.
- Trusted Devices (Pro) – Identify the devices you and other users use to block session hijacking attacks and limit Administrator privileges to Trusted Devices.
THE RIGHT AMOUNT OF SECURITY FOR EVERY USER LEVEL
Different types of user levels require different levels of security. During the iThemes Security setup process, you can identify your website’s key user groups. Once the different types of users are identified, you can apply the level of security that is just right for each user group.Here are a couple of examples of how User Groups are useful for securing your site:
- For Clients – Let’s say you are configuring iThemes Security on a client’s website. You will decide whether or not they are required to use two-factor authentication and if they should have access to the iThemes Security settings.
- For Customers – If you have an eCommerce website, you will decide whether or not you want to protect customer accounts with a password policy.
BLOCK BAD BOTS & BAN USER AGENTS WITH LOCKOUTS
- Ban Users – Permanently block repeat offenders from accessing your site.
Local Brute Force Protection – Automatically identify and stop the most common method of attack on WordPress sites. - Network Brute Force Protection – The network is the iThemes Security community and is over a million websites strong. If someone tries to break into websites in the iThemes Security community, iThemes Security will block them across the network.
- Magic Links (Pro) – Security shouldn’t get in your way. Magic Links allow you to log in to your WordPress site while your username is locked out by the iThemes Security Local Brute Force Protection feature.
MONITOR YOUR SITE’S SECURITY HEALTH
- File Change Detection – iThemes Security logs changes made to your website that can help detect malicious activity on your website.
- Site Scanner (Pro) – Enable twice-daily checks for known vulnerabilities and automatically apply a patch if one is available. Using the Google Safe Browsing API, the Site Scan also checks your Google’s blocklist status and will alert you if Google has found any malware on your website.
- User Logging (Pro) – Keep a record of user activity in your WordPress security logs, including login/logout, user registration, adding/removing plugins, switching themes, changes to posts and pages, and more.
- Version Management (Pro) – The Version Management feature in iThemes Security Pro allows you to auto-update WordPress, plugins, and themes. Beyond that, Version Management also has options to harden your website when you are running outdated software and scan for old websites.
WEBSITE SECURITY UTILITIES
- Enforce SSL – Force all connections to the website to be made over SSL/TLS.
- Database Backups – Create backups of your WordPress database. (Not a complete backup.)
- Geolocation (Pro) – Improve Trusted Devices by connecting to an external location or mapping API.