Summary (details below):
| Product name: | iThemes Security Pro |
| Price: | From US$80, but there are multiple options |
| Where to buy: | iThemes |
| What it does: | Comprehensive protection for your website against hackers: locks down system files, brute force protection, daily malware scans, monitors file changes, away mode, hides login URL, 2 factor authentication, password expiry and more (see below) |
Please assume any links on this page are affiliate links. An affiliate link means I will get a small commission if you decide to buy the product, but it will not affect the price you pay. The price you pay is the same, whether you buy it through my link or go directly to the site.
One of the first and best things you should do upon setting up a new WordPress-based website is to immediately strengthen the defence of your site against hackers by installing a professional security plugin.
Why is this important?
WordPress now powers more than 30% of websites online, which makes it a natural target for hackers – in the same way that Microsoft computers and Internet Explorer were.
The WordPress security team is good, and responds quickly to new threats, but you need the additional protection of a strong, all-encompassing security plugin.
And there are a number of good ones available:
- iThemes Security
- Sucuri security
- Bullet proof security
- Acunetix WP security scan
- All in one WP security and firewall
- 65Scan security
Which of those are the best?
Of those, the best 3 are, in my view:
- iThemes Security Pro
- Wordfence
- Sucuri Security
All 3 have free versions with optional upgrades to Pro (or premium), and in all cases the upgrade is definitely worth it.
However, a wise move would be to install the free version first and test each of them in turn to find the one you prefer to work with before upgrading.
My favourite, though, is iThemes Security Pro.
Why iThemes Security Pro?
And since a proper backup routine is an essential part of a security strategy I wanted 2 plugins that would work seamlessly together.
These two do it.
A second factor was the user-interface: working my way through the plugin’s settings is a lot more intuitive with iThemes than it was with Wordfence. Plus, iThemes has published a web page (I’ve linked to it below) that takes you through all the settings, explaining each and recommending the one you should use.
This makes it much easier to set up what is a reasonably complicated plugin.
A third factor is that the iThemes security team work very closely with Sucuri, and the plugin integrates scheduled scans by the Sucuri malware scanner. Given the expertise and experience of Sucuri in the area of security management generally and WordPress security management in particular, this was a strong factor for me.
iThemes Security options and settings
Because this plugin is so extensive there is a blizzard of settings you can tinker with.
However, if you’re not into tinkering you can leave the settings at default and your site will still be well protected. That said, it’s always worth it (in my view) to explore a plugin like this when you install it just to learn what to expect, if nothing else.
To help new users of the plugin, the iThemes team has set up a page of suggested settings, along with explanations of each. You can find it here.
Of course, there’s no need to enable all of the settings – for example, I don’t enable the reCAPTCHA setting because I have Two Factor Authentication, or the SSL setting because all my sites are built by default with SSL certificates. There are others I leave disabled as well.
So you can choose to ignore options for which you don’t see a need, or for which you have an alternative in place, and you should ignore any options that could potentially clash with plugins you’re using.
Where an option may conflict with other functions on your site this is made clear in the settings panel, so that’s easy to avoid.
The ones I would definitely recommend you enable, though, are these:
- Global settings
- 404 detection
- Banned users
- Local brute force protection
- File permissions
- Network brute force protection
- SSL, but only if your site is not already operating on SSL (HTTPS)
- System tweaks
- WordPress tweaks
- Malware scan scheduling
- Password requirements
- Two factor authentication
- User logging (but only if you have other users beside yourself)
- iThemes security logs
For these sections of the plugin, following the recommended settings as set out on this page will provide you with the optimum level of protection.
You can also download a PDF with all the settings clearly set out – click here to download it.
The support from iThemes is business hours Monday to Friday, and by ticket/email only – i.e. no chat or telephone support. I don’t mind the ticket/email format, but the Monday to Friday schedule is a bit disappointing because if anything goes wrong at the beginning of the weekend you have a couple of days to wait before you can get help.
That said, the support is extremely helpful and effective. I have always had problems resolved quickly, efficiently and thoroughly.
When a more complicated problem arises, the iThemes support person who responds to your query will see it through to completion, without escalating the problem to a ‘Senior engineer’, or a second level support group, where you have to go through the entire problem from the beginning again.
They have even installed other plugins on their machines and tested conflicts with them on the odd occasion I have found a clash between another plugin and Security Pro. When they’ve found the problem, they’ve given me snippets of code to add to my installation to resolve it prior to releasing an updated version of the plugin.
This has only happened once or twice in all the years I’ve been using iThemes products – and they were with big, complex plugins like WooCommerce and WPML.
But I was very impressed with that.
Visit the iThemes website to get more details:
What steps next?
Firstly, I recommend you install a security plugin, if you haven’t done so already!
Secondly, I recommend you try the free versions of Wordfence, Sucuri Security and iThemes Security to see which you like using – they are all good plugins and you will get good protection from all of them.
Look at things like the user interface and the range of areas that each covers (e.g. do they all offer daily malware scans? Do they all enable you to hide your login URL?)
When you have found the one with which you’re the most comfortable then upgrade that one to the Pro or Premium version.
Why iThemes Security Pro?
As I said earlier, the reasons I chose iThemes Security Pro are:
- I found the user interface to be the most intuitive
- iThemes provides (and maintains) recommended settings (along with descriptions) both online and as a downloadable PDF
- It works closely with, and incorporates scheduled malware scans from Sucuri
- It works closely and well with iThemes’ BackupBuddy – and a strong backup routine is an essential part of a security strategy
To get the details on iThemes Security Pro please visit their website:
Do you use a security plugin on your website? If so, which one? If you have any questions or thoughts please leave a comment below and I’ll get back to you 🙂
Owner – WP Security Basics