iThemes Security Pro takes the guesswork out of WordPress security. You shouldn’t have to be a security pro to use a security plugin, so iThemes Security Pro makes it easy to secure & protect your WordPress site.
Brute Force Protection
Limit the number of failed login attempts allowed per user with WordPress brute force protection. If someone is trying to guess your password, they'll get locked out after a few attempts.
File Change Detection
If someone manages to get into your site, they'll probably add, remove or change a file. Get email alerts showing any file changes so you know if you've been hacked.
If a bot is scanning your site for vulnerabilities, it will generate a lot of 404 errors. iThemes Security will lock out that IP after the limit you set (20 errors in 5 minutes by default).
Strong Password Enforcement
Set which level of users on your site (admins, editors, users, etc.) need to have strong passwords. This is one of the best ways to lock down WordPress.
Lock Out Bad Users
Keep bad users away from your site if they have too many failed login attempts, a lot of 404 errors or if they're on a bot blacklist.
Not making changes to your site 24 hours a day?Harden WordPress by making the admin area inaccessible during specific hours so no one else can sneak in.
Hide Login & Admin
Change the default URL of your WordPress login area so attackers won't know where to look. This feature is also great to help clients remember their login link.
Schedule database backups and have them emailed to you. Or you can get BackupBuddy to step up your backup game. Make complete backups and send them to off-site storage destinations.
Get email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed.
Change WordPress Salts & Keys
iThemes Security Pro makes updating yourWordPress salts & keys easy. Updating these authentication keys every so often adds another layer of complexity.
Online File Comparisons
iThemes Security Pro compares changes made to any WordPress core file on your system with the version on WordPress.org to determine if the change was malicious.
Google reCAPTCHA Integration
Add an extra layer of protection to your most vulnerable pages such as the WP login, user registration and comments with Google's reCAPTCHA.