The iThemes Security Pro plugin has over 50 different ways for you to secure and protect your WordPress website. You can enable most of the security methods in iThemes Security Pro with just a click of a button. However, if you can spare a few minutes to dive into the settings, you can add several layers of protection to your WordPress website.
In this post, we are going to give you 5 advanced tips and tricks for iThemes Security Pro to take the security of your website to the next level.
Tip #1 – Protect your WP Dashboard with Trusted Devices
The iThemes Security Pro Trusted Devices feature limits access to the WordPress dashboard to a list of approved devices.
Once you let iThemes Security Pro know which devices are yours, Trusted Devices can protect your site in 2 different ways:
1. Restrict the Capabilities of Unrecognized Devices – When someone logs in using an unrecognized device, you can restrict their administrator-level capabilities and prevent them from editing their login details. iThemes Security Pro will then send an email to the address set in their WordPress user profile.
The unrecognized login email will have the option to either confirm or block the device. If the Confirm Device button is clicked, the user will have their admin capabilities restored. If the This Was Not Me button is clicked, iThemes Security Pro will log out the illegitimate user and add the device to the denied device list in the WordPress profile.
2. Session Hijacking Protection – Session hijacking is an attack where a user session is taken over by an attacker. For example, WordPress generates a session cookie every time you log into your website. Suppose you have a browser extension with a vulnerability that allows hackers to hijack your browser cookie. After hijacking your session, the hacker will be able to start making malicious changes to your website.
If a user’s device changes during a session, iThemes Security will automatically log the user out to prevent any unauthorized activity on the user’s account, such as changing the user’s email address or uploading malicious plugins.
Note: Read the Trusted Devices feature spotlight post to learn more about how you can secure and protect your WordPress dashboard.
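The two Trusted Devices behaviours described above, shown as an added PHP example (not iThemes Security Pro's code and not from the original post): a login from an unapproved device gets a restricted session, and a session whose device changes is logged out. It assumes a device is approximated by the User-Agent plus a coarse IP network prefix; every function name, the key constant and the sample values are hypothetical.

```php
<?php
// Added illustration; not iThemes Security Pro code. All names are hypothetical.
// Assumption: a device is approximated by User-Agent plus a coarse IP prefix.
const DEVICE_KEY = 'placeholder-load-a-random-secret-from-config';

function network_prefix(string $ip): string
{
    $packed = @inet_pton($ip);
    if ($packed === false) {
        return 'invalid';
    }
    // Keep /24 of IPv4 and /64 of IPv6 so routine address churn is tolerated.
    return bin2hex(substr($packed, 0, strlen($packed) === 4 ? 3 : 8));
}

function device_id(string $userAgent, string $ip): string
{
    // Keyed hash: the stored value cannot be recomputed without the server key.
    return hash_hmac('sha256', $userAgent . "\n" . network_prefix($ip), DEVICE_KEY);
}

// At login: record the device and restrict the session if it is not approved.
function start_session(array $trustedDevices, string $userAgent, string $ip): array
{
    $id = device_id($userAgent, $ip);
    return ['device' => $id, 'restricted' => !in_array($id, $trustedDevices, true)];
}

// On every request: compare the current device with the one bound at login.
function check_request(array $session, string $userAgent, string $ip): string
{
    if (!hash_equals($session['device'], device_id($userAgent, $ip))) {
        return 'logout'; // device changed mid-session: end it, force re-login
    }
    return $session['restricted'] ? 'restricted' : 'full_access';
}

// Constructed sample data (documentation IP ranges, made-up user agents).
$ua = 'Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0';
$trusted = [device_id($ua, '203.0.113.10')];

$session = start_session($trusted, $ua, '203.0.113.77');       // approved device
echo check_request($session, $ua, '203.0.113.20'), "\n";       // same device, new address in the /24
echo check_request($session, 'OtherBrowser/1.0', '198.51.100.5'), "\n"; // cookie presented by a different device

$unknown = start_session($trusted, 'OtherBrowser/1.0', '198.51.100.5'); // login from unapproved device
echo check_request($unknown, 'OtherBrowser/1.0', '198.51.100.5'), "\n";
```

In a real deployment the restricted state would last until the user confirms the device from the emailed link, as described above.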
Tip #2 – Use Google reCAPTCHA v3 to Block Bad Bots
The Google reCAPTCHA feature in iThemes Security Pro protects your site from bad bots. These bots try to break into your website using compromised passwords, post spam, or even scrape your content. reCAPTCHA uses advanced risk analysis techniques to tell humans and bots apart.
This article was written by Michael Moore and originally published on WordPress News and Updates from iThemes – iThemes.