Title: iTheme Security updates… Last modified: July 14, 2017 --- # iTheme Security updates… * Resolved [livingflame](https://wordpress.org/support/users/livingflame/) * (@livingflame) * [8 years, 9 months ago](https://wordpress.org/support/topic/itheme-security-updates/) * This plugin can be Better! * – More Support for BuddyPress and BbPress (including rtMedia or BP Activity Plus). * – A Firewall or Compatibility with Wordfence. * – More Options (compare your plugin with Other: All In One Wp Security And Firewall). * Necesary functions for BuddyPress: * – Username protection: When you create a Site with WP, the same username is by default your nicename or nickname, this is a problem. You know about Author Enumeration Vulnerability: ?author=1, and this problem has solution, but, the other: username expose, needs manual solution: For Admin: * If you change your nickname in Dashboard / Users this NOT change nothing inside DataBase. So, you need to go: Phpmyadmin / wp_users and change the nicename here. Bad solution for noobs. * And for the others users: Editor, Suscriber, etc. The same problem. * You can see the username of an author if you do right click on the public name( from a post, or wherever), and Inspect (using Chrome). * For new registered I have a function php: * ``` function set_default_display_name( $user_id ) { $user = get_userdata( $user_id ); $name = sprintf( '%s %s', $user->first_name, $user->last_name ); $nickname = sanitize_user( strtolower( str_replace( ' ', '', $name ) ) ); $args = array( 'ID' => $user_id, 'display_name' => $name, 'nickname' => $nickname, 'user_nicename' => $nickname ); wp_update_user( $args ); } add_action( 'user_register', 'set_default_display_name' ); ``` * Well, this code change automatically the nicename or nickname for the name: If the username is wpeditor02 and the name is John Doe, so the nickname is johndoe. And in BuddyPress: [@johndoe](https://wordpress.org/support/users/johndoe/). Problem solved for new users. But, for old users, you need to Update manually nickname by nickname (from Dashboard / Users, because with this code works, but with Keymaster is other case), very tedious. * – A Honeypot for Register Form Check: [https://github.com/pixeljar/BuddyPress-Honeypot](https://github.com/pixeljar/BuddyPress-Honeypot) * – Restricted Emails, only acept valid emails * Function: * ``` add_option('limited_email_domains', array('yahoo.com', 'outlook.com', 'hotmail.com', 'gmail.com')); ``` * If someone tries to register using an invalid email, they immediately receive a message: * This email is not valid. * – Report User Button (Motives: Spam, Explicit Sexual Content, Harassment, False Profile or Identity Theft, Ofensive post, comment or message) * – Ban User: There is a plugin named BAN Users, but is incomplete. Your Ban User functions can be more complete: * . Ban Login . Ban Activity (a banned user can’t posts for 24 hours, 15 days or whatever. Ban upload photos if rtMedia is actived) . Ban Comment (“”) . Ban Send Message and Mentions (public message) (” “) . Ban Add New Friends * – Manual Approval for New User * – Manual Approval for Contents (If rtMedia is active, photos…) * – Force (New Registered) to use Strong Pass. (Optional: Force user to change pass after 1 month, 2 months… whatever) * – WP Emails go to Spam Folder (hotmail…), Yes, this is a problem if you wants a Community with BuddyPress or a Forum with BbPress. Solution: Install WP Mail Bank plugin, use PHPMailer config. But, iThemeSecurity can to includes the same function of Mail Bank. * Sorry for my bad english 😛 * [@ithemes](https://wordpress.org/support/users/ithemes/) [@mattdanner](https://wordpress.org/support/users/mattdanner/) [@gerroald](https://wordpress.org/support/users/gerroald/) [@chrisjean](https://wordpress.org/support/users/chrisjean/) - This topic was modified 8 years, 9 months ago by [livingflame](https://wordpress.org/support/users/livingflame/). - This topic was modified 8 years, 9 months ago by [livingflame](https://wordpress.org/support/users/livingflame/). - This topic was modified 8 years, 9 months ago by [livingflame](https://wordpress.org/support/users/livingflame/). Viewing 1 replies (of 1 total) * Thread Starter [livingflame](https://wordpress.org/support/users/livingflame/) * (@livingflame) * [8 years, 9 months ago](https://wordpress.org/support/topic/itheme-security-updates/#post-9319654) * My full compilation: Security and Speed. Please check all .htaccess and functions. php [LINK GOOGLE DOCS.](https://docs.google.com/document/d/11XthXvWfxB3gkGeu-Ovsahb16e3RbgiFzC8yP03YX_c/edit) * [@ithemes](https://wordpress.org/support/users/ithemes/) [@mattdanner](https://wordpress.org/support/users/mattdanner/) [@gerroald](https://wordpress.org/support/users/gerroald/) [@chrisjean](https://wordpress.org/support/users/chrisjean/) - This reply was modified 8 years, 9 months ago by [livingflame](https://wordpress.org/support/users/livingflame/). Viewing 1 replies (of 1 total) The topic ‘iTheme Security updates…’ is closed to new replies. * ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=2980272) * [Solid Security – Password, Two Factor Authentication, and Brute Force Protection](https://wordpress.org/plugins/better-wp-security/) * [Frequently Asked Questions](https://wordpress.org/plugins/better-wp-security/#faq) * [Support Threads](https://wordpress.org/support/plugin/better-wp-security/) * [Active Topics](https://wordpress.org/support/plugin/better-wp-security/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/better-wp-security/unresolved/) * [Reviews](https://wordpress.org/support/plugin/better-wp-security/reviews/) * 1 reply * 1 participant * Last reply from: [livingflame](https://wordpress.org/support/users/livingflame/) * Last activity: [8 years, 9 months ago](https://wordpress.org/support/topic/itheme-security-updates/#post-9319654) * Status: resolved