iThemes Security Review 2018: Hardening WordPress Security

iThemes Security Review 2018: Hardening WordPress Security

Need to protect your WordPress site from hackers? Keep your site locked down and secure with the fully-featured iThemes Security plugin. In our iThemes Security review, you’ll find out how it protects your site from all kinds of security threats, from brute force login attempts to troublesome bots and vulnerabilities.

iThemes Security Review

Why Do You Need a Security Plugin?

It’s true that WordPress is a pretty secure CMS right out of the box. It gets frequent updates to fix any bugs and plug any security holes that arise.

But it’s also one of the most targeted CMSes for hacking, because of its massive popularity.

Despite their best efforts to keep their site safe, most users are not security experts. They may not be aware of security best practices, and unintentionally introduce vulnerabilities by their actions — or lack of action.

Every site is vulnerable. Hackers target all kinds of websites, not just to steal data, but also to spread malicious code to any visitors.

And if your site does get hacked, it can be a huge blow that’s difficult to recover from. Not only do you have to fix your hacked site, but you also have to repair the damage caused to your reputation. Your users may have trouble trusting your site in the future.

About iThemes Security

iThemes Security is the best WordPress security plugin created by WordPress security experts at iThemes. The plugin helps you to secure and protect your WordPress site from all the security threats and provides you a peace of mind. It’s simple and user-friendly; you can use it easily even if you’re a beginner.

The plugin works to fix common security issues and protects your site from hacks, malware, and breaches. It adds an extra layer of protection to your WordPress site so that it becomes hard and impossible for bad guys to break down your site.

The major features of the plugin are brute force protection, file change detection, 404 detection, strong password enforcement, and database backups. Moreover, there’re much more brilliant security features in the plugin. Above all, instant email notifications after threat detection help you to fix the issues quickly.

How iThemes Security Keeps Your Site Secure

iThemes Security has over 30 ways to keep your site safe and secure from hackers, including:

  • Ban the IP addresses of known attackers from logging in to your site
  • Lock out users after too many bad login attempts (similar to Login LockDown)
  • Scan your site to detect malware and other suspicious code
  • Enforce strong passwords for all accounts
  • Force SSL for your dashboard or any page or post, as long as your server supports it
  • Monitor your files for any unauthorized changes
  • Receive email notifications of any suspicious activity on your site
  • Obscures and hides important system information about your WordPress installation
  • …and more

Lock Down Your Site With iThemes Security Pro

The Pro version of iThemes provides more advanced features and automation to save you time and keep your site even more secure, including:

  • 2 Factor Authentication: Set up a mobile app (such as Google Authenticator or Authy) so that only you can log in with your smartphone
  • Malware Scan Scheduling: Automatically scan your site for any suspicious code every day
  • Password Expirations: Force users to create new passwords after a period of time of your choosing
  • Import and Export Security Settings: Quickly set up your other WordPress sites with the same settings
  • Customize Login URL: Prevent people from trying to login to your site by customizing your dashboard login URL

How to Set Up iThemes Security On Your Site

Important: Before installing iThemes Security plugin and activating any of its security features, be sure to make a complete backup of your site. This is because the plugin makes changes to your database and site files which on rare occasions could cause problems with your site.

After installing and activating the plugin, you’ll see a notification to activate iThemes Brute Force Network Protection, which is free. This connects you to the iThemes network, so that known brute force attackers already in their database will be automatically blocked from logging in to your site.

iThemes Security Review - activate brute force api

Just fill out your email address to get the free API key.

Now you can navigate to Security » Settings to choose which security options you’d like to enable.

Looking at the settings screen can be a bit overwhelming with all the options available:

iThemes Security Review - settings

But you’ll notice that the recommended options are automatically shown, while more advanced options are hidden.

Each item has a short description of what it does. You can pick and choose which ones you’d like to enable and configure.

The features with an Enable button are easy to set up: just click the button and it’s set.

The features with a Configure Settings button may require you to review settings or fill out a few options to get started. For example, if you click on Banned Users, you can manually enter specific IP addresses to ban:

iThemes Security Review - banned users

You can also navigate to Security » Security Check to scan your site.

iThemes Security Review - scan your site

Support and Documentation

The explanations provided within the plugin dashboard make it clear what each option does. The FAQ on addresses the most common issues and steps you can take to fix the problem. There are also more help articles available on the official iThemes support site.

For the free version of the plugin, community support is available on the support forums, where users are active in helping each other out. Most support threads are resolved quickly.

iThemes Security Pro users have access to official support from the developers.

Pricing for iThemes Security

iThemes Security features three different pricing plans named as Blogger, Freelancer, and Gold. You can choose a plan depending on the number of sites you want to use iThemes Security on.


Blogger is the basic plan that costs $80 per year and supports one WordPress site. If you’re handling just one website, you can buy this plan.

If you have more than one site and maximum 10 sites, you can buy Freelancer plan. It’s cool for medium scale entrepreneurs and freelancers.

For big agencies, there’s Gold plan. This plan provides you with license for unlimited sites.

All plans include 1 year of ticketed support, 1 year of plugin updates, and 10 iThemes sync sites. iThemes Sync helps you manage multiple WordPress sites from one dashboard including one-click WordPress updates, uptime monitoring, WordPress theme and plugin manager, etc.

iThemes Security vs. WordFence Security

Searching for the best security plugin for your website?

You may have also heard about WordFence Security, another popular free security plugin.

After testing both plugins, we found that while WordFence Security may be a good basic security plugin, it puts significant load on your server and has a clunky user interface. (See our full WordFence Security review.)

iThemes Security does have some features which may slow down your site, such as the File Change Detection features. Anything that continually scans your files will take up resources.

However, because iThemes Security is so customizable, you can pick and choose which features to enable. You can avoid ones that may slow down your site, or only run them during low traffic times.

Our Verdict

We believe that all WordPress websites can benefit from a security plugin — the only question is which one is best for your site.

iThemes Security is one of the most popular and highly rated security plugins in the directory.

We found iThemes Security plugin easy to use, even if you’re not familiar with security jargon or best practices. It clearly explains each feature on your dashboard. While there are a lot of options, they’re presented in a manner that’s not too overwhelming.

We give iThemes Security 4 out of 5 stars. Here is the breakdown of our review scores:

The post iThemes Security Review 2018: Hardening WordPress Security appeared first on IsItWP – WordPress Technology Lookup Tool.

What’s My SEO Score?

Enter the URL of any landing page or blog article and see how optimized it is for one keyword or phrase.

Wordpress Expert

Leave a Reply