iThemes Security Pro Review, PROS & CONS (2024): How Good Is It at Protecting Your Site?

iThemes Security Pro

Pros:

  • Brute Force Protection
  • File Change Detection
  • Strong Password Enforcement
  • Lock Out Bad Users
  • Away Mode
  • Hide Login & Admin
  • Database Backups

Cons:

  • It could break your site
  • It doesn't always interact well with certain web hosting providers
  • It is not bulletproof
  • You might need to edit the .htaccess file for certain features

Many websites get hacked each day. With this in mind, you have to treat your WordPress site like it’s your own physical property. You take security measures to lock up your house and install a security alarm so that no strangers break inside. Why not treat your WordPress site like it’s your own virtual home?

You can do this by purchasing and installing iThemes Security Pro. Rated the number one security plugin for WordPress, this plugin is well worth the money and is comparable to some of the most advanced security plugins on the market today.

In this iThemes Security PRO review, I will show you what this security plugin offers, its features and settings, as well as its pros and cons. I will show what you get in the free version and which additional options are available in the paid version. At the end of the post, you can also find an iThemes Security PRO vs Wordfence Premium comparison.


iThemes Security Pro Review – Why Choose iThemes?

Security is something to take very seriously. You didn’t build your website, your business, and your reputation overnight, but an unexpected hacker can knock it all down in just a few seconds.

iThemes Security Pro is a WordPress plugin that is designed and programmed by tech experts who specialize in WordPress and internet security.

The purpose of iThemes Security Pro is simply to ensure that you and your employees are the only people who can access your dashboard and touch your content.

This plugin is considered by many to be an outstanding security measure to keep your business and website growing without the hitches or setbacks that come from being hacked.


A few of the 36 ways iThemes Security protects your website.


This is not a set-it-and-forget-it plugin. To be sure that nothing compromises your site, proper participation and monitoring on your end are required.

iThemes Security has 36 ways to keep your site safe from hackers’ attacks. Some of these measures include:

  • Banning IP addresses of known hackers so that they can’t access your website.
  • Mandating the use of strong passwords for all accounts.
  • Monitoring all files for unauthorized changes.
  • Hiding and obscuring system information regarding your WordPress installation from public view.
  • Locking out users after a certain number of unsuccessful login attempts.
  • Sending you email notifications about any potentially suspicious activity on your website.
  • Requiring SSL for your dashboard and any post or page, provided that your web server supports it.
  • Scanning your site for malware, viruses, and suspicious code.

iThemes Security has a free and a pro version, which differ in the number of options provided.


iThemes Security FREE vs PRO Differences

After installation is complete, click the “Security” tab, and you will have instant access to a plethora of productive features and options. Depending on whether you have the free or paid version, you will have more or fewer available settings.


All free version features are also available in the PRO version, but PRO features are available only in the paid version of the iThemes Security plugin:

  • Security Check – Lets you know if you are using the features and settings that iThemes Security Pro recommends. – FREE
  • 404 Detection – Automatically blocks suspicious IP addresses that show abnormal activity on your WordPress site. – FREE
  • Database Backups – Creates backups of your website’s database. You can create backups on a fixed schedule as well as at your own request. – FREE
  • Global Settings – Basic options to configure the functionality of iThemes Security Pro. – FREE
  • Admin User – An advanced tool that removes users with a username of “admin” or a user ID of “1”. – FREE
  • Away Mode – Turns off WordPress accessibility and back on again on a fixed schedule. – FREE
  • Change Content Directory – Advanced feature to rename the wp-content directory to a different name. – FREE
  • Change Database Table Prefix – Change the database table prefix that WordPress uses. – FREE
  • File Change Detection – Scans your WordPress site for changes to files and pages that may have occurred unexpectedly. – FREE
  • Notification Center – Allows you to receive alerts, messages, and news about iThemes Security Pro right to your email inbox. – FREE
  • Banned Users – Allows you to view a list of blocked IP addresses. From here, you can view all the IP addresses that have attempted to compromise your WordPress site. If a trusted IP address gets accidentally banned, you can remove the IP from this list using this feature. – FREE
  • File Permissions – Allows you to grant permissions to other IP addresses that might belong to employees, members, VIP members, and more. – FREE
  • Hide Backend – Hide the login page by changing its name and preventing access to wp-login.php and wp-admin. – FREE
  • Password Requirements – Manage and configure Password Requirements for users. – FREE
  • SSL – Configure the use of SSL to ensure that communications between browsers and the server are secure. – FREE
  • System Tweaks – Advanced settings that improve security by changing the server config for this site. – FREE
  • WordPress Salts – Update the secret keys WordPress uses to increase the security of your site. – FREE
  • WordPress Tweaks – Advanced settings that improve security by changing default WordPress behavior. – FREE
  • User Groups – Manage user groups. – FREE
  • Local Brute Force Protection – Protect your site against attackers that try to guess login details to your site randomly. – FREE
  • Network Brute Force Protection – Join a network of sites that report and protect against bad actors on the internet. – FREE
  • Server Config Rules – If you need to manually add the server config rules generated by iThemes Security to your server, you can find them here. – FREE
  • wp-config.php Rules – If you need to manually add the wp-config.php rules generated by iThemes Security to your server, you can find them here. – FREE
  • Magic Links – Bypass lockouts using a Magic Link. – PRO
  • Malware Scan Scheduling – Protect your site with automated malware scans. When this feature is enabled, the site will be automatically scanned each day. If a problem is found, an email is sent to select users. – PRO
  • Passwordless Login – Enable logging in without a password. – PRO
  • Privilege Escalation – Allow administrators to temporarily grant extra access to a user of the site for a specified period of time. – PRO
  • reCAPTCHA – Protect your site from bots by verifying that the person submitting comments or logging in is indeed human. – PRO
  • Settings Import and Export – Export your settings as a backup or to import on other sites for quicker setup. – PRO
  • Security Dashboard – See a real-time overview of the security activity on your website with this dynamic dashboard. – PRO
  • Two-Factor Authentication – Two-Factor Authentication dramatically increases the security of your WordPress user account by requiring additional information beyond your username and password to log in. – PRO
  • User Logging – Log user actions such as login, saving content, and others. – PRO
  • User Security Check – Every user on your site affects overall security. See how your users might be affecting your security and take action when needed. – PRO
  • Version Management – Protect your site when outdated software is not updated quickly enough. – PRO
  • Trusted Devices (Beta) – Trusted Devices identifies the devices users use to log in and can apply additional restrictions to unknown devices. – PRO


How To Use the iThemes Security Plugin?

Reviewing all of your WordPress security log entries isn’t always easy. It can be very complicated and time-consuming. You can make more sense of it all by using the new iThemes Security Dashboard.


iThemes Security provides a way for you to monitor and manage the security of your WordPress website. A real-time, dynamic Security Dashboard with all your website’s security activity stats in one place.


Related entries are accumulated in a way that’s more relevant to your needs. It uses security cards to organize data. Security cards sort accumulated information into smaller portions that are easier to understand.

Once you are prepared to get started, I strongly recommend running the Security Check feature before you do anything else.

Security Check simply sets everything into motion with the click of a button. When you click on “Secure Site,” the recommended services of iThemes Security Pro will instantly turn on.

The following features will be enabled:

  • Banned Users
  • Database Backups
  • Local Brute Force Protection
  • File Change Detection
  • Magic Links
  • Malware Scan Scheduling
  • Network Brute Force Protection
  • Passwordless Login
  • Strong Passwords
  • Two-Factor Authentication
  • User Logging
  • WordPress Tweaks

This feature is meant to save you time and to make sure that all the features are working as they should for the best protection possible.

Should you need to change anything about one of the services the plugin is running, you can manually toggle or adjust the specific setting that you want to change.


What Features Does iThemes Provide?

Below I will explain some of the iThemes Security options that you can configure.

1. File Change Detection

No security system is perfect. Even the best systems fail at one time or another. How do you know if an unauthorized user has accessed your site? Usually, it’s because they’ve changed something.

File Change Detection will alert you to any changes in your WordPress installation so that you can identify which changes you made and which ones you didn’t.
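A minimal sketch of what file change detection involves, added here as an example and not iThemes Security's own code: hash every tracked file into a baseline, then compare a later snapshot against it. The ignored extensions and the sample file names are assumptions constructed for the demonstration.

```python
import hashlib
import os
import tempfile

# Assumption: file types that change during normal operation and cannot run
# as code. Ignoring by type (not by folder) keeps a .php file dropped into
# wp-content/uploads visible in the report.
IGNORED_EXTENSIONS = {".jpg", ".png", ".log"}


def snapshot(root, ignored=IGNORED_EXTENSIONS):
    """Return {relative_path: sha256_hex} for tracked files under root."""
    manifest = {}
    for dirpath, _dirnames, filenames in os.walk(root):  # dir symlinks not followed
        for name in filenames:
            path = os.path.join(dirpath, name)
            if os.path.islink(path):
                continue  # never hash through a link that may point outside the tree
            if os.path.splitext(name)[1].lower() in ignored:
                continue
            digest = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            manifest[rel] = digest.hexdigest()
    return manifest


def compare(baseline, current):
    """Return sorted lists of added, removed and modified paths."""
    shared = baseline.keys() & current.keys()
    return {
        "added": sorted(current.keys() - baseline.keys()),
        "removed": sorted(baseline.keys() - current.keys()),
        "modified": sorted(p for p in shared if baseline[p] != current[p]),
    }


def demo():
    """Build a constructed miniature site, change it, and return the report."""
    with tempfile.TemporaryDirectory() as root:
        def write(rel, data):
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as fh:
                fh.write(data)

        write("wp-config.php", b"<?php // constructed sample\n")
        write("wp-includes/version.php", b"<?php // constructed v1\n")
        write("wp-content/uploads/photo.jpg", b"constructed image 1")
        baseline = snapshot(root)

        write("wp-includes/version.php", b"<?php // constructed v2\n")  # edited
        write("wp-content/uploads/photo2.jpg", b"constructed image 2")  # routine upload
        write("wp-content/uploads/thumb.php", b"<?php // constructed\n")  # unexpected script
        os.remove(os.path.join(root, "wp-config.php"))  # deleted
        return compare(baseline, snapshot(root))


if __name__ == "__main__":
    print(demo())
```

Keep the baseline somewhere the web server user cannot write; otherwise whoever changes the files can rewrite the manifest as well.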


2. Two-Factor Authentication

iThemes Security Two-Factor Authentication is a feature that requires both your password and a code that is texted to your mobile device or sent to your email inbox.

You’ll need to enter both of these with each login attempt. It might seem like a pain, but it heightens the security measures so it can recognize who is attempting to log in.


iThemes Security two-factor authentication settings.


You can choose to turn this feature off, in addition to toggling it on and off for specific users who work on your website. For alternative options, you can check the best WordPress two-factor authentication plugins.


3. Passwordless Login

Passwordless login is a new way to verify a user’s credentials without requiring a password. It’s a simple, secure solution that improves the chances that most people will secure their accounts.


iThemes Security passwordless login settings.


The passwordless login that iThemes Security Pro provides will send you an email containing a link that will allow you to log in to your WordPress account with the single click of a button. It requires access to that specific user’s email account, which adds an extra security layer.


4. Global Settings Security Grade Report

Another notable feature included with this WordPress security plugin is Security Grade Report. This report grades your WordPress security according to the plugin and settings you use to protect your website.

You get an overall letter grade, in addition to individual letter grades for security settings. You also receive a list of aspects about your website that need the most attention.

With WordPress Security Grade Report, you can see how well your website is protected. If your grades are not satisfactory, the plugin recommends steps to help raise those grades.

If you aren’t sure what you need to do to make your website more secure, you can always visit that page to spot and solve problems quickly.


5. Malware Scan

Another great feature is the Sucuri Sitecheck Malware Scan. Sucuri Sitecheck utilizes a 10-point scan to search your website for malware, errors, and outdated plugins. The scan runs every day without any supervision on your end.




Should Sucuri Sitecheck notice any problems, you can be alerted with a notification. You can also manually scan for malware at any time and get results back almost instantly.


6. Version Management

Understandably, updating plugins can be a pain. Any theme or plugin can be hacked if it is outdated. This is because outdated versions contain vulnerabilities that hackers eventually pick up on.

iThemes Security Pro has a feature known as Version Management. This feature will find and install new updates of WordPress, plugins, and themes instantly so that you are always up-to-date with the most recent versions.




If you have websites that you do not frequently update with content, Version Management can be a valuable tool to keep older sites secured and protected.


7. Magic Links

Magic Links is another neat feature that can be very helpful to website owners and users.

If you have been locked out due to the Local Brute Force Protection feature, you can request that a special message be sent to your email address with a unique way to log back in.

Then, you can log back into WordPress by skipping the lockout. The primary purpose of Magic Links is to keep hackers out while still allowing you and the people you trust back into WordPress.

Magic Links are secure and reliable, in addition to being a quick way to get back to WordPress if you get locked out.


8. Away Mode

Away Mode simply disables access to your WordPress dashboard, so that nobody can log in. Whether it be other trusted users or potential hackers, nobody can get in until Away Mode is turned off manually or automatically.

You can make the dashboard inaccessible on a fixed schedule so that nobody can log in when you’re not around. Like the other features, you can also manually turn Away Mode on and off, if you do not prefer a fixed schedule.

Away Mode is an excellent feature if designing your website is your job, and you only allow others to access it during your work hours.


iThemes Security Pricing

iThemes Security has a free and pro version, but the Pro version is worth the investment and comes with many benefits. Should you stick with the free version of iThemes Security, you will not have access to features like Magic Links and two-factor authentication.

There are, however, a few features in the Pro version that competitors offer for free, but iThemes Security Pro offers so much more protection that paying for those features is worth it.

This WordPress plugin is available in three pricing plans. Each plan includes one year of updates and customer service and 10 iThemes Sync sites.




The Blogger version is $80 per year. It is good for one website. This is an excellent value for business owners that only have one site and are not looking to create more.

If you have more than one site, the other two versions might be more appealing. The Small Business version is $127 per year for usage on 10 sites.

The Gold version is $199 per year for usage on an unlimited number of sites. Whether you need to protect one website or dozens of websites, it’s important to get that professional security right away.


iThemes Security PRO Advantages And Disadvantages

Here are some pros and cons of using the iThemes Security plugin.


Pros:

  • It has a free and premium version
  • Works with network and multisite installations
  • Files monitoring and malware scan
  • Affordable pricing
  • Easy to use dashboard interface
  • A vast number of security settings and options



Cons:

1. It could break your site. This is a possibility with all security plugins, depending on various factors and the changes that these plugins make. That’s why it’s a good idea to make a complete backup before making any significant changes using iThemes.

2. It doesn’t always interact well with certain web hosting providers. Certain low-RAM shared hosting providers or VPS perform poorly with this plugin. Problems are more noticeable when using advanced features like file change detection, prefix changing, etc.

3. You may still need to edit the .htaccess file to apply certain functions manually.

4. iThemes Security is designed to help improve the security of your WordPress installation from many common attack methods, but it cannot prevent every possible attack.



iThemes Security PRO vs Wordfence Premium

These two can’t be compared exactly: although both are security plugins, each does things differently. Wordfence is a comprehensive security solution mostly focused on its firewall.

It comes with an Endpoint firewall which allows it to be more secure & completely integrated with WordPress as compared to a cloud-based firewall.

Wordfence comes with a Security Scanner which extensively checks core files, themes, plugins. It looks for everything from backdoors to SEO spam. Wordfence allows you to monitor live traffic including parameters like origin, IP address, time of day, etc.

In addition to that, it provides two-factor authentication to hinder brute force attacks, blocking of countries that show suspicious activity, manual blocking, and blocking of accounts with compromised passwords.

After I tested both plugins, I found that Wordfence Security is a great security plugin, but it can put a significant load on your web server. It also has a clunky, complicated interface.

iThemes Security Pro has certain functions, like its File Change Detection feature, that can slow down your site. Overall, it performs better than Wordfence Premium. Just keep in mind that anything that scans your files continually will consume resources.

iThemes allows you to pick and choose the features that you want to enable or disable. You might want to disable certain functions that tend to slow down your site, or you could decide only to run those functions during low traffic periods.

For a more detailed comparison, you can check the iThemes Security vs Wordfence post.


Features compared:

  • Price
  • Ban bad users
  • Block specific IP addresses and user agents
  • 404 Detection
  • Hide Login & Admin URL
  • Change WordPress salts & keys
  • Away Mode
  • Database Backups
  • File Change Detection
  • Remove Windows Live Writer header information
  • Remove RSD header info
  • Rename 'admin' account
  • Change WordPress database table prefix
  • Change wp-content path
  • Force SSL for any post, page, or admin page
  • Turn off file editing in WordPress admin
  • Local brute force protection
  • Network brute force protection
  • XML-RPC brute force protection
  • Security logs
  • Email Notifications
  • Strong Password Enforcement
  • File Permission Check
  • Malware Scan
  • Two-Factor Authentication
  • Scheduled Malware Scanning
  • User Action Logging
  • Password Expiration
  • Passwordless Login
  • Bypass Lockouts with Magic Links
  • Web Application Firewall
  • Monitor live traffic
  • Content safety checks
  • Country blocking
  • Checks your site for known security vulnerabilities
  • Repair files
  • Rate Limiting (enable blocking/throttling functions)

iThemes Security: free and paid version. Paid version is $80/year for one site, $127/year for 10 sites, and $199/year for unlimited sites. Six of the compared features are marked as available in the PRO version.

Wordfence: free and paid version. Pro version price for one site is $99/year, for two $170, etc.


NOTE: Features and options mentioned in the comparison table may be inaccurate, because plugins change and receive updates over time. For the most accurate information, check the official site. Also, not all features provided by each plugin are mentioned and compared.


iThemes Security Pro Review Conclusion

iThemes Security Pro was created to defend websites from common threats. No security plugin can prevent every single attack. Good practices and due diligence are essential. This plugin makes it easier for you to apply these measures.

WordPress sites need a good security plan that includes a trusted resource like iThemes Security Pro. WordPress currently powers over 35% of all active websites today, and it has been a frequent target for hackers and scammers.

You need to improve the security of your WordPress site or WooCommerce store and, if needed, use a WooCommerce anti-fraud plugin. iThemes Security Pro can help ensure your site’s safety. It fixes common issues that you might not know about.

Its extra layer of security gives you peace of mind in keeping hackers out of your site. It allows you to focus on what matters – growing your site and increasing revenue.

If you are interested in other iThemes products, then BackupBuddy is an excellent choice for your backup needs.

And if iThemes Security is not what you are looking for in the security field, alternatives to consider are MalCare, 10Web security plugin (see review), and Swift Security.

DISCLOSURE: Posts may contain affiliate links. If you buy something through one of those links, I might get a small commission, without any extra cost to you. Read more about it here.
