iThemes Security (formerly Better WP Security)

Protect your WordPress site by hiding vital areas of your site, protecting access to important files, preventing brute-force login attempts, detecting

iThemes Security (formerly Better WP Security), #1 WordPress Security Plugin

iThemes Security (formerly Better WP Security) gives you 30+ ways to secure and protect your WordPress site. On average, 30,000 new websites are hacked each day. WordPress sites can be an easy target for attacks because of plugin vulnerabilities, weak passwords and obsolete software.

Most WordPress admins don't even know they’re vulnerable, but iThemes Security works to fix common holes, stop automated attacks and strengthen user credentials. With one-click activation for most features, as well as advanced features for experienced users, iThemes Security can help protect any WordPress site.

Maintained and Supported by iThemes

iThemes has been building and supporting WordPress tools since 2008. With our full range of WordPress plugins, themes and training, WordPress security is the next step in providing you with everything you need to build the WordPress web.

Get Support and Pro Features

Get added peace of mind with professional support from our expert team and pro features to take your site's security to the next level with iThemes Security Pro.

Pro Features:

  • User action logging - track when users edit content, log in or log out
  • 2-factor authentication - Use Google Authenticator or Authy to send a custom code to your phone when you log in
  • Import/export settings - saves time setting up multiple WordPress sites
  • Password Expiration - Set a maximum password age and force users to choose a new password. You can also force all users to choose a new password immediately (if needed)
  • Generate Strong Passwords - Generate strong passwords right from your profile screen
  • Dashboard Widget - manage important tasks such as user banning and system scans right from the WordPress dashboard.
  • GeoIP banning - coming soon
  • Online file comparison - When a file change is detected it will scan the origin of the files to determine if the change was malicious or not. Currently works only in WordPress core but plugins and themes are coming.
  • Temporary privilege escalation - give a contractor or someone else temporary admin or editor access to your site that will automatically reset itself.
  • wp-cli integration - Manage your site's security from the command line.
  • Google reCAPTCHA - Protect your site against spammers

iThemes Sync Integration

Manage more than one site? Manage away mode, release lockouts and make sure your WordPress site is up to date with iThemes Sync.

New! iThemes Brute Force Protection Network

Network Brute Force Protection takes brute force protection to the next level by further banning users who have tried to break into other sites from breaking into yours. The iThemes Brute Force Protection Network will automatically report IP addresses of failed login attempts to iThemes and will block them for a length of time necessary to protect your site based on the number of sites that have seen a similar attack.

Protect

Hiding parts of your site is helpful, but won't prevent all attacks. In addition to obscuring sensitive areas of your WordPress site, iThemes Security works to protect it by blocking bad users and increasing the security of passwords and other vital information.

  • Scans your site to instantly report where vulnerabilities exist and fixes them in seconds
  • Bans troublesome user agents, bots and other hosts
  • Prevents brute force attacks by banning hosts and users with too many invalid login attempts
  • Strengthens server security
  • Enforces strong passwords for all accounts of a configurable minimum role
  • Forces SSL for admin pages (on supporting servers)
  • Forces SSL for any page or post (on supporting servers)
  • Turns off file editing from within WordPress admin area
  • Detects and blocks numerous attacks to your filesystem and database

Detect

iThemes Security monitors your site and reports changes to the filesystem and database that might indicate a compromise. iThemes Security also works to detect bots and other attempts to search for vulnerabilities.

  • Detects bots and other attempts to search for vulnerabilities
  • Monitors filesystem for unauthorized changes
  • Run a scan for blacklists on the homepage of your site
  • Receive email notifications when someone gets locked out after too many failed login attempts or when a file on your site has been changed.

Obscure

iThemes Security hides common WordPress security vulnerabilities, preventing attackers from learning too much about your site and keeping them away from sensitive areas like your site's login, admin, etc.

  • Changes the URLs for WordPress dashboard areas including login, admin and more
  • Completely turns off the ability to log in for a given time period (away mode)
  • Removes theme, plugin, and core update notifications from users who do not have permission to update them
  • Removes Windows Live Writer header information
  • Removes RSD header information
  • Renames "admin" account
  • Changes the ID on the user with ID 1
  • Changes the WordPress database table prefix
  • Changes wp-content path
  • Removes login error messages

Recover

iThemes Security makes regular backups of your WordPress database, allowing you to get back online quickly in the event of an attack. Use iThemes Security to create and email database backups on a customizable schedule.

For complete site backups and the ability to restore or move WordPress easily, check out BackupBuddy by iThemes.

Other Benefits

  • Makes it easier for users not accustomed to WordPress to remember login and admin URLs by customizing default admin URLs
  • Detects hidden 404 errors on your site that can affect your SEO such as bad links and missing images

Tutorials

Learn how to use iThemes Security with our series of in-depth tutorial videos taught by lead developer Chris Wiegman.

Compatibility

  • Works on multi-site (network) and single site installations
  • Works with Apache, LiteSpeed or NGINX (Note: NGINX will require you to manually edit your virtual host configuration)
  • Features like database backups and file checks can be problematic on servers without a minimum of 64MB of RAM. All testing servers allocate 128MB to WordPress and usually don't have any other plugins installed.

Translations

Please let us know if you would like to contribute a translation.

Warning

Please read the installation instructions and FAQ before installing this plugin. iThemes Security makes significant changes to your database and other site files which can be problematic, so a backup is strongly recommended before making any changes to your site with this plugin. While problems are rare, most support requests involve the failure to make a proper backup before installation.

Requires: 4.0 or higher
Compatible up to: 4.2.4
Last Updated: 2015-8-3
Active Installs: 600,000+

Ratings

4.7 out of 5 stars
5 stars 2,936

Support

58 of 162 support threads in the last two months have been resolved.

Compatibility

2 people say it works.
0 people say it's broken.
