iThemes Security Pro Settings Checklist

This checklist assumes that you have clicked the Security link in the left-hand admin menu of your WordPress Admin Dashboard to open the iThemes Security menu.

  1. Before you begin, make a full backup of your WordPress site.
  2. Whitelist your IP address in the Dashboard area.
  3. Click on the Settings Tab at the top menu area.
  4. Check the option to “Allow iThemes Security Pro to write to wp-config.php”.
  5. Verify that your email address is correct.
  6. Check the box next to “Send digest email” to cut down on notification emails.
  7. Click the Save All Settings button at the base of the Global Settings section.
  8. In the 404 Detection section, check the box next to “Enable 404 detection”.
  9. Click the Save All Settings button at the base of the 404 Detection section.
  10. In the Banned Users section, check the box next to “Enable HackRepair.com’s blacklist feature”.
  11. Check the box next to “Enable ban users”.
  12. Click the Save All Settings button at the base of the Banned Users section.
  13. In the Brute Force Protection section, enter your email address in the field next to “Get your iThemes Brute Force Protection API Key”.
  14. Check the box next to “Enable local brute force protection”.
  15. Check the box next to “Immediately ban a host that attempts to login using the ‘admin’ username”.
  16. Click the Save All Settings button at the base of the Brute Force Protection section.
  17. In the Strong Passwords section, click the box next to “Enable strong password enforcement”.
  18. We recommend setting the drop-down box next to “Select Role for Strong Passwords” to Subscriber.
  19. Click the Save All Settings button at the base of the Strong Passwords section.
  20. Check ALL THE BOXES in the System Tweaks section.
  21. Click the Save All Settings button at the base of the System Tweaks section.
  22. In the WordPress Tweaks section, check the box next to the following options:
    1. Remove the Windows Live Writer header
    2. Remove the RSD (Really Simple Discovery) header
    3. Reduce Comment Spam
    4. Disable File Editor
    5. Force users to choose a unique nickname
    6. Disables a user’s author page if their post count is 0
  23. Also in the WordPress Tweaks section, set the drop-down box in the XML-RPC section to Completely Disable XML-RPC.
  24. Click the Save All Settings button at the base of the WordPress Tweaks section.
  25. Click on the top Pro tab and in the Malware Scan Scheduling section, check the box next to “Enable scheduled malware scanning”.
  26. Make sure the “Email Contacts” are going to the people you want to receive alert notifications.
  27. Click the Save All Changes button at the base of the Malware Scan Scheduling section.
  28. In the WordPress Passwords section, check the box next to “Enable Password Expiration”.
  29. Make sure the number of days in the “Maximum Password Age” field is set to the desired number of days before expiration.
  30. Click the Save All Changes button at the base of the WordPress Passwords section.
  31. In the Two-Factor Authentication section, check one or more of the boxes in the “Enable Two-Factor Providers” section.
  32. Follow the video to see the full demonstration on how to work with two-factor authentication.
  33. Click the Save All Changes button at the base of the Two-Factor Authentication section.
  34. Check to make sure your WordPress site is working as desired.
  35. Make a new full backup of your WordPress site.
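
One way to carry out the check in step 34 for the WordPress Tweaks settings (steps 22 and 23), as an added example that is not part of the original checklist or the plugin's own code. It inspects a saved copy of the front page, the body returned by a GET of xmlrpc.php, and wp-config.php; the function names and sample captures are constructed, and the DISALLOW_FILE_EDIT check assumes the plugin implements “Disable File Editor” with that WordPress constant.

```python
import re
from html.parser import HTMLParser

class _HeadLinks(HTMLParser):
    """Flag the <link> tags that WordPress Tweaks options 1 and 2 should remove."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "link":
            return
        a = {k: (v or "").lower() for k, v in attrs}
        rels = a.get("rel", "").split()
        if "wlwmanifest" in rels:
            self.findings.append("Windows Live Writer header still present")
        if "edituri" in rels and a.get("type") == "application/rsd+xml":
            self.findings.append("RSD header still present")

def audit_front_page(html):
    parser = _HeadLinks()
    parser.feed(html)
    return parser.findings

def audit_xmlrpc(body):
    # Stock WordPress answers GET /xmlrpc.php with this sentence while XML-RPC is live.
    if "XML-RPC server accepts POST requests only" in body:
        return ["XML-RPC endpoint still answers"]
    return []

def audit_wp_config(text):
    # Assumption: "Disable File Editor" is written as the core constant; skip comments.
    live = [l for l in text.splitlines() if not l.lstrip().startswith(("//", "#"))]
    pat = re.compile(r"define\(\s*['\"]DISALLOW_FILE_EDIT['\"]\s*,\s*true\s*\)", re.I)
    return [] if any(pat.search(l) for l in live) else ["File editor not disabled"]

def audit(html, xmlrpc_body, wp_config):
    return audit_front_page(html) + audit_xmlrpc(xmlrpc_body) + audit_wp_config(wp_config)

# Constructed sample captures (not from a real site): before and after the checklist.
BEFORE = (
    '<head><link rel="EditURI" type="application/rsd+xml" href="/xmlrpc.php?rsd" />'
    '<link rel="wlwmanifest" type="application/wlwmanifest+xml" href="/wlw.xml" /></head>',
    "XML-RPC server accepts POST requests only.",
    "// define('DISALLOW_FILE_EDIT', true);\ndefine('WP_DEBUG', false);",
)
AFTER = ('<head><link rel="canonical" href="/" /></head>', "Forbidden",
         "define( 'DISALLOW_FILE_EDIT', true );")
if __name__ == "__main__":
    print(audit(*BEFORE), audit(*AFTER), sep="\n")
```

An empty list means every checked tweak is in effect; each string names a setting to revisit before taking the final backup.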
