iThemes Security Plugin

The Best WordPress Security Plugin to Secure & Protect WordPress

iThemes Security Plugin is one of many plugins that offer a free version with more limited protection and a premium version with more complete protection.

Previously known as Better WP Security, the iThemes Security Plugin advertises the following features:

  • Brute Force Protection - users who try to log in too many times will be blocked.
  • File Change Detection - malicious actors in your system will often modify core WordPress files to insert their own code. File Change Detection will monitor for these changes and alert you if any are discovered.
  • Strong Password Enforcement - allows you to set password rules by user account type. For example, you can require admins to have stronger passwords than regular users (although in my opinion, password rules should be applied across the board).
  • Two Factor Authentication - the ability to secure the login using one of the 2FA authenticator apps, such as Google Authenticator. Whether you do this via iThemes Security Plugin or another plugin, this is something that all admin accounts should have enforced. In the iThemes plugin, it's only a feature of the premium version, but the functionality is available in alternative free plugins.
  • Malware Scanning - this actually uses Sucuri's free online scanner, so it scans only the publicly accessible pages, not the file system or database. While this can give valuable information, it can't catch everything. The pro version allows you to schedule daily scans.
  • Passwordless Logins - offered only by the pro version; allows login via a link sent to your email.

The free version offers pretty good security; the premium version offers a bit more and is reasonably priced (currently $80/year for one site, $199/year for any number of sites).