iThemes Security – another plugin for WordPress security


Wait a minute… We’ve already talked about one plugin that guards against break-ins, and now you’re going to tell me that there’s another? Yes, you’re totally right. iThemes Security is a plugin which helps protect a website based on WordPress. In what way? It shows us the changes we should introduce and classifies them as Low, Medium and High Priority.

Low Priority

This section contains items that are less important than the others, but you should still keep them in mind. The following tips provide guidance on what to look for when running the website. First of all, you should definitely enable the module that blocks suspicious hosts, which can also block specific IP addresses. All you have to do is go to the Settings option and open the Banned Users section.

What you should definitely block:

  • HTTP request methods you are not using
  • non-English characters in URLs
  • the ability to edit code, plugins and the WordPress theme from the admin panel
  • the display of information about incorrect log-ins

What you should definitely remove:

  • write permission on the config.php and .htaccess files
  • the RSD header
  • information about your WordPress version, from every place where it is displayed

Medium Priority

Some of the plugin’s recommendations, marked as medium priority, may read like the ones below.

What you should block:

  • suspicious-looking URL parameters
  • XMLRPC functions
  • execution of PHP code in files in the Uploads folder; this minimizes the risk of infection through various scripts
  • public display of an author’s profile if the author has 0 entries

What you should change or turn on:

  • Change the URL of the WordPress dashboard, which will protect you from brute-force attacks
  • Reduce the number of comments by blocking those posted by automated tools and link-posting bots
  • Turn on detection of changes in files
  • Turn on detection of users who repeatedly trigger the 404 error page
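
A read-only audit for three of the items listed so far: write permission on the config files, the dashboard file editor, and PHP files inside the uploads folder. This is an added example, not code from iThemes Security or from the original post; it assumes the standard WordPress names `wp-config.php` and `wp-content/uploads` and the `DISALLOW_FILE_EDIT` constant, and the sample tree it builds is constructed.

```python
import re
import stat
import tempfile
from pathlib import Path

PHP_EXTS = {".php", ".phtml", ".phar"}
EDIT_OFF = re.compile(r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.I)

def audit_wordpress(root):
    """Return a sorted list of findings for a WordPress directory tree."""
    root, findings = Path(root), []
    # 1. wp-config.php and .htaccess should carry no write bits (e.g. 0444).
    for name in ("wp-config.php", ".htaccess"):
        path = root / name
        if path.is_file() and stat.S_IMODE(path.stat().st_mode) & 0o222:
            findings.append(f"writable: {name}")
    # 2. Assumption: the file editor is disabled via DISALLOW_FILE_EDIT = true.
    config = root / "wp-config.php"
    if config.is_file() and not EDIT_OFF.search(config.read_text(errors="replace")):
        findings.append("file editor enabled: DISALLOW_FILE_EDIT not set")
    # 3. No PHP should be sitting under the uploads folder.
    for path in (root / "wp-content" / "uploads").rglob("*"):
        if path.is_file() and path.suffix.lower() in PHP_EXTS:
            findings.append(f"php in uploads: {path.relative_to(root).as_posix()}")
    return sorted(findings)

def build_sample_site(root, hardened):
    """Create a constructed sample tree (not a real site) for the audit."""
    root = Path(root)
    (root / "wp-content" / "uploads" / "2024").mkdir(parents=True)
    config = "<?php\n" + ("define( 'DISALLOW_FILE_EDIT', true );\n" if hardened else "")
    for name, body in (("wp-config.php", config), (".htaccess", "# constructed\n")):
        (root / name).write_text(body)
        (root / name).chmod(0o444 if hardened else 0o644)
    if not hardened:
        (root / "wp-content" / "uploads" / "2024" / "img.php").write_text("<?php // constructed\n")

if __name__ == "__main__":
    for hardened in (False, True):
        with tempfile.TemporaryDirectory() as tmp:
            build_sample_site(tmp, hardened)
            print("hardened" if hardened else "default", audit_wordpress(tmp))
```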

High Priority

This section of the iThemes Security plugin is very important and contains very useful tips which help protect your website to a very high degree. These tips may look like the ones below.

What you should require:

  • strong passwords for all types of users
  • unique names for all users

What you should do:

  • Enable malware scanning. You will be required to register to obtain the key.
  • Schedule an automatic backup of the database
  • Activate the built-in iThemes Security module Brute Force Protection

To sum up

Well, if your website is based on WordPress, this plugin is a ‘must have’, and that’s a fact. Not only because of its helpful and useful tips but also because of the iThemes Security Dashboard, which gives us information about the current user, file system, database and WP configuration.