When it comes to security, you can’t take anything lightly. While WordPress is already a secure platform, it is still wise to use a dedicated security plugin to help ward off the spammers and hackers. There are hundreds of plugins dedicated to security that you can choose from.
They can be broken down into two groups; those that perform a single function and those that are more of an all-in-one solution. These all-in-one security plugins have grown in popularity over the past few years due to their increased sophistication and ability to secure your site in multiple ways. They also can do the job of half a dozen other security plugins and reducing the number of plugins for your site is generally a good thing.
Among all the available all-in-one security plugins for WordPress, the iThemes Security plugin has grown to be one of the best. Formerly known as Better WP Security, iThemes took over the development of the plugin back in March of 2014.
With more than 700,000 active installs and an impressive rating of 4.7 out of 5, iThemes Security lives up to the iThemes brand. In today’s tutorial, I will show you how to use this excellent security plugin to make your WordPress site more secure. Oh, did I mention that it’s free?!
First Things, First
The very first thing you will want to do is backup your site. In fact, you should backup your site before you install any plugin or theme. Don’t become a statistic – one of the thousands of WordPress users who “broke” their site because they didn’t back it up before installing a plugin – read more about how to backup WordPress.
After you have backed up your site, you’ll need to download and install the iThemes Security Plugin from the WordPress plugin directory. Once you activate the plugin, it will create a new menu item titled ‘Security’ in the left navigation of your WordPress dashboard.
The iThemes Security Dashboard
Go to Security > Dashboard. You will be provided with a popup window like the following –
According to the plugin, these are the important first steps to protecting your site. You can safely click on the first three buttons. They will make a backup of your database, allow the plugin to edit some files and enable some default security settings.
The last one will send anonymous usage data to the plugin developers. If you are okay with that, click that button too. Once you are done with the buttons, click ‘Dismiss’ from the bottom-left corner of the popup.
As you can see, the dashboard is divided into several sections. The first few sections provide some tips about getting started. Go through them if you need. The most important section here is ‘Security Status’. This section displays the existing security issues of your WordPress site and divides the issues into four categories – High, Medium, Low and Completed. As you take care of each issue, it will be moved to the Completed category.
Each issue is provided with a ‘Fix it’ button. Clicking on the button will take you to the relevant settings section to take care of the problem. You should definitely resolve all the High and Medium priority issues. Low priority issues are not that serious. However, you should take a look at them and resolve any issue which looks suspicious.
Setting Up iThemes Security Plugin
The below sections will provide you with detailed information about your WordPress file permissions, database, server, PHP information, WordPress configuration etc.
The settings page is also divided into several sections. You can jump to any section by selecting the section from the ‘Go to…’ dropdown list. Most of these sections include security aspects that were included in the security status section of the dashboard. However, feel free to take a look around the available settings and make additional changes if you want.
After making any change, don’t forget to click the ‘Save Changes’ button.
iThemes Security Advanced Options
The advanced page includes a few additional options like renaming the admin user, changing default content directory, changing default database prefix etc. At the very least, if you have not done so already, you will want to change your admin user name if you are still using the default name, ‘admin’. This is default username is well known by hackers and they will try to this information to break into your site. Read why you should change your admin username
Backup Your Website
iThemes Security also lets you create a complete backup of the database of your WordPress site. To do that, head towards the ‘Backups’ page. Click the ‘Create Database Backup’ button. Doing this will create the backup automatically. You will find more backup options in the Settings page.
Keeping your websites safe and secure should be a top prioritiy. iThemes has done an excellent job with their security plugin and I think you should really “kick the tires” on this one. It is a very good option.