iThemes Security Pro Review

Disclaimer: This website contains affiliate links where I may receive a small commission, at no cost to you, should you choose to purchase a product as a result of clicking a link on this website.

iThemes Security Pro Review

From $48.00/yr

Brute Force Protection


File Change Monitoring




Security Grade Report


Integrated WAF



  • Strong Brute force protection
  • Custom notifications
  • Two-factor Authentication
  • Useful Security Grade Report


  • No WAF integrated
  • Backup only available for database

As we use iThemes on all of our websites, I have written this iThemes Security Pro review based on my first-hand experience.

Once installed, iThemes Security Pro has a wizard to help you secure your WordPress website quickly. It protects against Malware and a variety of common hacks known to the WordPress Security community.

The primary goal of iThemes Security Pro is to lock down your WordPress installation, fix common security holes, stop automated attacks and strengthen user login information. It is easy to use for beginners, with advanced features for experienced users.

Features Overview

  • Monitors your website for Malware using Sucuri SiteCheck
  • Brute Force Protection
  • Strong Password enforcement and monitoring
  • Lockout bad user login attempts
  • Ability to hide WordPress login and Admin area
  • File Change Detection
  • 404 monitoring and detection
  • WordPress and System tweaks for additional security
  • Scheduled database backups

The folks at iThemes offer a free version (try it first) and a paid version of their plugin. There are a lot more features in the paid version that help with hacker prevention.

Securing your website after installation is a one-click action. We would like to see an option at install that allows users to select a Standard or Aggressive approach to security settings. The current settings wizard provides more than adequate security. But there are a few tweaks we like to make on a regular basis to further secure our websites.

In the iThemes Security Pro Version, you can add things like “two-factor authentication” for Dashboard logins. It also comes with a Security Grade report that constantly monitors and reports on the security of your website. This then gives you suggest improvements you can implement with the click of a button. If you are not sure, there is integrated contextual help to assist you.

The Pro version also offers a User Security check. This evaluates the security of all your WordPress user accounts at one time, allowing you to take action on them if needed. The Malware scanner is also more advanced in the Pro version. This allows you to run regularly scheduled scans on your website for malware and will send you a report if anything is found.

Issues Easily Fixed

One area where we found iThemes to be a bit lacking is in the backups area. The backup functionality included with iThemes Security Pro handles only database backups. However, you could easily integrate their Backup Buddy plugin. This will allow you to backup everything. Including theme and plugin files.

Also, the iThemes Security Pro plugin does not include a Web Application Firewall (WAF). This is easily fixed by adding the WebArx WAF tool. We run WebArx together with iThemes Security and they work beautifully together. Because they are two different systems, they provide a nice validation, confirming that the other system is reporting and working properly.

For beginners and newbies, this is a well-rounded security tool that is simple to configure and easy to use.