Recently, the team at iThemes updated their renowned Better WP Security plugin to include some intuitive security features. They even changed the name; it's now known as “iThemes Security Pro”. Read our recent review here.
1. Right off the bat, you can see exactly what priority security rules should be configured
Why skate from configuration to configuration when you can just get a list of the things you should set up in a prioritized, organized manner? I'd rather not scroll through pages and pages of options and tick a bunch of boxes without knowing what they do or why I should have them enabled/disabled. With this dashboard, setting up iThemes Security Pro on your WordPress site is a breeze.
2. PHP execution in your “Uploads” folder
As WordPress security specialists, we've seen more and more issues with plugin “upload” features. Some of these plugins may even allow PHP files to be uploaded by POST to your “wp-content/uploads” folder. Over time, some of these plugins are neither maintained nor updated, and they become a liability. If a hacker can exploit an upload feature in one or more of your plugins, they could place a PHP file containing malicious code in that folder and run it. With this feature enabled, they will be unable to run that script. Problem solved.
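Blocking execution stops an uploaded script from running, but it is still worth knowing whether any are sitting in the folder. The audit below is an added example, not code from iThemes Security; the extension list, function names and sample tree are assumptions constructed for illustration.

```python
import os
import re
import tempfile

# Extensions many Apache/PHP setups pass to the interpreter (an assumption;
# match this to your own handler configuration).
PHP_EXT = re.compile(r"\.(php\d?|phtml|pht|phar)(\.|$)", re.IGNORECASE)
PHP_TAG = re.compile(rb"<\?php", re.IGNORECASE)


def audit_uploads(root):
    """Return sorted (relative_path, reason) for files that could run as PHP."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            if PHP_EXT.search(name):
                # Name ends in, or contains, an extension PHP may handle
                findings.append((rel, "php-extension"))
                continue
            with open(path, "rb") as fh:
                if PHP_TAG.search(fh.read(65536)):
                    # Non-PHP name, but PHP source in the first 64 KiB
                    findings.append((rel, "php-tag-in-content"))
    return sorted(findings)


def demo():
    """Build a constructed uploads tree in a temp dir and audit it."""
    samples = {
        "2014/03/photo.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
        "2014/03/avatar.php": b"<?php echo 'constructed'; ?>",
        "2014/04/banner.php.jpg": b"\xff\xd8 constructed",
        "2014/04/logo.gif": b"GIF89a <?php echo 'constructed'; ?>",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return audit_uploads(root)


if __name__ == "__main__":
    for rel, reason in demo():
        print(f"{reason:20} {rel}")
```

Point `audit_uploads` at a copy of your real uploads directory; anything it reports should be reviewed even when execution is already blocked.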
3. Hide your backend!
One of the coolest features, and one that has gotten better and better over time, is the option to hide the WordPress administration panel under a different alias. The first thing a lot of hacker bots do is look for the wp-login or wp-admin area of your site and try to brute-force it with the “admin” username (so change that as well in the plugin).
4. jQuery version safety
jQuery is a JavaScript library that lets developers easily create some pretty awesome effects that make your site better. Lots of plugins and themes bundle their own copy of jQuery or link to older versions of jQuery that may not be so secure anymore. It's important to keep that updated! iThemes Security integrated a feature in their upgrade that allows you to simply tick one box and use one secure, updated jQuery library across your entire WordPress installation. Because who wants to go through 30 plugins and the site theme to upgrade every instance of one script?
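To see how many separate jQuery copies a site actually carries, an inventory like the following reads the version banner at the top of each script. This is an added example, not part of iThemes Security; the `MINIMUM` baseline, function names and sample files are constructed placeholders.

```python
import os
import re
import tempfile

# Banner styles found at the top of jQuery builds, e.g. "/*! jQuery v1.7.2"
# and "* jQuery JavaScript Library v1.11.0".
BANNER = re.compile(rb"jQuery (?:JavaScript Library )?v(\d+)\.(\d+)(?:\.(\d+))?")
MINIMUM = (1, 11, 0)  # placeholder baseline, not a recommendation


def bundled_jquery(root, minimum=MINIMUM):
    """Return sorted (path, version, outdated) for each jQuery copy under root."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.lower().endswith(".js"):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                match = BANNER.search(fh.read(2048))
            if match is None:
                continue  # not jQuery core (jQuery UI / Migrate banners differ)
            version = tuple(int(part or 0) for part in match.groups())
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            results.append((rel, ".".join(map(str, version)), version < minimum))
    return sorted(results)


def demo():
    """Audit a constructed wp-content tree holding three script files."""
    samples = {
        "plugins/slider/js/jquery.min.js": b"/*! jQuery v1.7.2 jquery.com */",
        "themes/shop/js/jquery.js": b"/*!\n * jQuery JavaScript Library v1.11.0\n */",
        "plugins/gallery/jquery-migrate.min.js": b"/*! jQuery Migrate v1.2.1 */",
    }
    with tempfile.TemporaryDirectory() as root:
        for rel, data in samples.items():
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)
        return bundled_jquery(root)
```

Set `minimum` to the version your site standardises on; every entry flagged `True` is a copy that a single shared library would replace.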
5. iThemes is dedicated to keeping it maintained and adding new features
The team at iThemes is a highly dedicated and intelligent group. They have been working non-stop for the last few months on this upgrade. iThemes has a lot to show for their efforts in the way of new and improved features for keeping WordPress safe from hackers. In a recent webinar, Chris Wiegman revealed that there will be WAY more coming – including a premium version of the plugin loaded with additional features, such as 2-factor authentication and malware detection.
In the way of caveats, there have been numerous (1, 2, 3, 4) reports on the WordPress forums and on some individual blogs of people who have had issues with the upgrade process, including white screens of death (WSOD), users locking themselves out, and more. However, the team at iThemes has really been on top of the bugs lately, so we certainly recommend upgrading.
So what do you think? Is updating the plugin a smart move? Let us know if you had any problems in the comments below, or contribute to the #ithemessecurity topic at our Facebook Page and Twitter.
Brian Lacouvee says
I decided to re-upload the 3.6.6 version of the plugin when I saw what was happening after the first big change to iThemes 4.0. I was having issues as well. They are possibly on their 8th revision in the past 2 weeks at 4.016. There is one chap named Viktor giving assistance to some, about deleting the database before updating to the newer versions.
Are you able to shed some light about what iThemes may have removed from the plugin if anything?
A few people in the forums have mentioned that it has lost its ability to lock out people accessing a site through a proxy server. Apparently an important feature they said.
They have said the premium version will have enhanced security features.
What are the problems should I decide to stay with an older version 3.6.6?
What other plugins compare well with Better WP security?
Regina Smola says
Hi Brian,
Before upgrading to the new and improved iThemes Security plugin, I deactivated the Better WP Security Plugin. Then I logged in via SFTP and deleted the plugin and reuploaded the brand new one. Once that was done, I logged into my site and activated it and went through my settings again and it is working great. Usually this is my common practice with any major upgrade to a plugin.
I think a lot of people on the forums freaked out right away, but things are only going to get better. I know the lead developer Chris Wiegman personally and I trust his code and knowledge in site security.
I would use the current version of the iThemes Security plugin. It helps secure a lot of areas of your WordPress site without having to do them manually. I have not found any other plugin that compares to it thus far.
Hope that helps.