iThemes Security (formerly Better WP Security) is one of the most comprehensive WordPress security plugins. It has more than 2.5 million downloads from the WordPress plugin repository. The plugin offers a wide range of features to protect your site from hackers and other malicious activity. iThemes Security is a perfect plugin to strengthen your WordPress site’s security.

iThemes Security lists all security issues and suggests fixes. This makes it easy for users to improve the security of their WordPress site.

iThemes security plugin features

iThemes Security offers you 30+ ways to secure your website. Some of them are:

  • The plugin offers Brute Force Protection, which locks out users after too many invalid login attempts.
  • You can get e-mail notifications if someone adds or removes any file.
  • It scans your complete website and detects all the vulnerabilities and issues.
  • It also detects attacks on your filesystem and database.

You can see the full feature list here.

This article is a step-by-step introduction and installation guide. We have tried to explain the setup process of the iThemes Security plugin and its functionality.

How to set up iThemes Security Plugin?

Installing and configuring the iThemes Security plugin takes a few minutes. You can download the plugin manually, or you can install it from your WordPress admin panel.

Check: How to install a WordPress plugin.

Note: It is advised to create a backup of your site. You can use a free or premium backup plugin.

As soon as you activate this plugin you will see a message - iThemes security is almost ready.


Click on Secure Your Site Now button. When you click on this option, a pop up with helpful “Important First Steps” appears.


In the above screenshot there are 4 steps.

Step 1: Backup Your site - This option creates a basic database backup and automatically sends you the backup file via e-mail. Click on “Make a backup” to create a backup of your database.

Check: 9 Best Free & Premium Backup Plugins for WordPress.

Step 2: Allow File Updates - Some functions in this plugin require editing your wp-config.php and .htaccess files. When you click on the “Allow File updates” button, the plugin will automatically update these files.

Step 3: Secure your site - Once you click on the “Secure your site” button, all the default settings that the plugin recommends for securing your site are enabled.

Step 4: Help us improve - When you click on the “Yes I’d like to help” button, the iThemes Security plugin will collect anonymous data about the features you use in order to improve the plugin.

Once you enable all the above steps you’ll see a screen like the one below:


Click on the Dismiss option at the bottom right corner to close this pop up. Once you close the pop up you will see the iThemes Security Dashboard.


You can see the Security Status section on the dashboard. This section lists the High, Medium and Low priority security issues that your site has. It also gives you the option to fix these issues. High priority issues are recommended to be fixed first.


Once you fix these issues, they move to the Completed section, where you can see the secured items. The next step is to configure the settings of this plugin by clicking on the Settings tab.

The Settings Tab

You can customize your security setup feature by feature. There are 13 sections available in the Settings tab. You can use the drop-down to navigate easily between these sections of the settings page.


Choose any section and configure the settings as per your need. The 13 sections available in the Settings tab are:

  • Global settings: This section allows automatic modification of the wp-config.php and .htaccess files. It also allows you to send security notifications and backup files via e-mail, and gives you the option to lock out users and send an e-mail when any user is locked out.
  • 404 detection: This section lets you lock out users who repeatedly trigger 404 errors by requesting non-existent pages.
  • Away Mode: This section allows you to limit access to the WordPress dashboard.
  • Banned users: This section allows you to ban users and hosts. Any user or host on this list cannot access your site.
  • Brute Force Protection: This section allows you to ban users who make too many invalid login attempts while trying to access your site. You can set the maximum login attempts for hosts and users.
  • Database backup: In this section you can create a full database backup or a backup of a particular section. You can also set the number of backups you want to keep on disk and schedule automated backups.
  • File Change Detection: This section alerts you when any of the files in your WordPress installation folder have changed.
  • Hide Login Area: This section allows you to hide the backend features from automated attacks.
  • Malware Scanning: This section allows you to scan your WordPress website for malware.
  • Secure Sockets Layer (SSL): Enabling this feature makes it difficult for an attacker to steal the login details of your site. It encrypts the data exchanged with your website and so secures your website.
  • Strong Passwords: This section forces users to use strong passwords for their WordPress accounts.
  • System tweaks: This section has some advanced settings used to strengthen the security of your WordPress website.
  • WordPress tweaks: This section also has some advanced settings that are used to strengthen the security of your WordPress website.

Note: Test your site after enabling these settings, because some of them might conflict with other themes and plugins.
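
The separate login limits for hosts and users described under Brute Force Protection can be illustrated with a short sketch. This is an added example, not the plugin's own code; the thresholds, time window, class and function names and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Assumed values for illustration; the plugin's real defaults are not on this page.
MAX_HOST_ATTEMPTS = 5    # failed logins allowed per source host
MAX_USER_ATTEMPTS = 10   # failed logins allowed per username
WINDOW_SECONDS = 300     # only failures inside this window are counted
LOCKOUT_SECONDS = 900    # how long a lockout lasts

class LockoutTracker:
    def __init__(self):
        self.failures = defaultdict(deque)  # ("host"|"user", name) -> failure times
        self.locked_until = {}              # same key -> time the lockout expires

    def is_locked(self, kind, name, now):
        return self.locked_until.get((kind, name), 0) > now

    def record_failure(self, host, user, now):
        """Count one failed login and return the keys it newly locks out."""
        limits = {("host", host): MAX_HOST_ATTEMPTS, ("user", user): MAX_USER_ATTEMPTS}
        newly_locked = []
        for key, limit in limits.items():
            if self.is_locked(*key, now):
                continue  # already locked out; nothing more to count
            times = self.failures[key]
            times.append(now)
            while times[0] <= now - WINDOW_SECONDS:
                times.popleft()  # forget failures older than the window
            if len(times) >= limit:
                self.locked_until[key] = now + LOCKOUT_SECONDS
                times.clear()
                newly_locked.append(key)
        return newly_locked

def replay(events):
    """Feed (timestamp, host, user) failed-login events; return (lockouts, tracker)."""
    tracker = LockoutTracker()
    lockouts = []
    for ts, host, user in events:
        lockouts += [(ts, key) for key in tracker.record_failure(host, user, ts)]
    return lockouts, tracker

# Constructed sample: one host failing as "admin", then ten hosts failing as "editor".
SAMPLE = [(t, "203.0.113.7", "admin") for t in range(0, 50, 10)]
SAMPLE += [(100 + i, f"198.51.100.{i}", "editor") for i in range(10)]

if __name__ == "__main__":
    for when, (kind, name) in replay(SAMPLE)[0]:
        print(f"t={when}s: locked out {kind} {name}")
```

The second lockout in the sample is triggered by the per-user limit alone, since no single host in that run reaches its own limit, which is why both limits are worth setting.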

The Advanced Tab

The Advanced tab contains more advanced settings. The settings on this page improve the security of your website. On the Advanced settings page you can change the admin user, change the content directory and change the database prefix. Before changing the settings on this page, it is recommended to back up your website. If you remove this plugin, these settings will not be reversed.


The Backup Tab

This section of the plugin creates a backup of the database so that you can restore your site and protect it from any malicious attack. You can create a database backup and also adjust settings by clicking on “Adjust Backup Settings”. You can create a backup of the complete database, or choose one of the other options to create a backup.

You can also schedule your database backup by enabling Schedule Database backup.

Logs & Help Tab


This section keeps logs of all the file changes and invalid login attempts collected by iThemes Security. You can also see how successful your security efforts have been and know what is happening to your site.


If you need any help with this plugin, you can click on Help tab. There are experts and a support team that helps you when your site has been hacked. It’s a paid service.

iThemes Security Pro

You can upgrade to iThemes Security Pro for more features, security upgrades and better support. They also have a well laid out roadmap which looks promising. So, if you are an online entrepreneur, investing in iThemes Security Pro will be a good decision.

About author

Kriti Jain

Kriti is a passionate blogger and WordPress wanderer. She explores WordPress everyday and shares her findings with the web world.