New! Introducing WordPress Security Check Pro in iThemes Security Pro

The iThemes Security plugin includes a One-Click WordPress Security Check to make securing your WordPress website easier and less complicated. The latest version of iThemes Security Pro now includes two new automated server checks with its One-Click Security Check to ensure that you’re using the recommended features and settings to secure your WordPress website.

Introducing WordPress Security Check pro

WordPress Security Check Pro adds two new items to the Security Check to do the work of configuring two complicated settings for you: 1) Redirect HTTP Requests to HTTPS & 2) Automatic IP Spoofing Protection.

SSL and Automatic IP Spoofing Protection are very important but can be complicated to set up for most users, so iThemes Security Pro now handles an automated server detection process to make sure both are configured properly through the One-Click WordPress Security Check.

To take advantage of this update, you’ll need iThemes Security Pro (v. 4.4). Current iThemes Security Pro, Plugin Suite and Toolkit customers will find the 4.4 update available for licensed sites or as a manual download from the iThemes Member Panel. Save time updating all your sites at once from the iThemes Sync dashboard.

New! Detect + Force SSL with WordPress Security Check pro

The iThemes Security Pro plugin includes a WordPress SSL feature to ensure that communications between browsers and your site’s server are secure.

Secure Socket Layers (SSL) is a technology that is used to encrypt the data sent between your server or host and a visitor to your web page. When SSL is activated for your WordPress site, it makes it almost impossible for an attacker to intercept data in transit, therefore making the transmission of form, password or other encrypted data much safer.

The iThemes Security plugin gives you the option of turning on SSL (if your server or host supports it) for all or part of your site, but we’ve found that users can get confused about how to properly configure SSL on their site. We’ve made this easier by simplifying the SSL settings within iThemes Security and adding automated detection.

wordpress security check pro

iThemes Security’s WordPress Security Check can now automatically detect if it is safe to enable SSL for your WordPress site and will prompt you to enable it if available. Forcing connections to your site to use SSL is highly recommended as it protects login details from being stolen when using public WiFi or insecure networks.

Redirect All HTTP Page Requests to HTTPS with the iThemes Security Plugin

In addition to having automatic SSL detection in the WordPress Security Check, we’ve also simplified the iThemes Security SSL settings module in this update to make picking good settings easier.  You’ll find the SSL Module in the iThemes Security > Settings page.

wordpress ssl

You’ll get a customized message based on whether or not iThemes Security detects that your server supports SSL. This setting redirects all http traffic to your site to the https address, thus requiring everyone to access the site via SSL. In other words, it will force everyone to use a secure connection to the site.

ssl module

Automatic IP Spoofing Protection pro

Now iThemes Security will identify remote IP entry to protect against IP spoofing with the Security Check. This setting is highly technical but adds another layer of protection to your website to defend against hackers trying to sidestep lockouts.

security check

One-Click WordPress Security Check in iThemes Security

To recap, with just one click of the “Secure Site” button, iThemes Security will enable and configure all the recommended security features and settings within the plugin. This table lists out the feature/setting and the benefits activated by the Security Check.

wordpress security check

You’ll find the WordPress Security Check in the iThemes Security menu or on the iThemes Security > Settings page in your WordPress dashboard.

WordPress Security Check Feature/Setting Benefit
Banned Users Blocks specific IP addresses and user agents from accessing your site
Database Backups Creates database backups manually or on a schedule
Local Brute Force Protection Protects your site against attackers that try to randomly guess login details to your site
WordPress Tweaks This feature has a variety of settings that change the behavior of WordPress
Network Brute Force Protection Protects your site against known attackers before they reach your site
pro Strong Passwords Helps enforce that powerful (admin) accounts choose strong passwords for their logins
pro Two-Factor Authentication Greatly increases the security of your WordPress user account by requiring additional information beyond your username and password in order to log in to the site
pro User Logging Logs user actions such as login, editing or saving content and other actions into a viewable list
pro New! Redirect HTTP Requests to HTTPS This feature redirects all http requests to https and is highly recommended as it protects login details from being stolen when using public WiFi or insecure networks.
pro New! Automatic IP Spoofing Protection This feature identifies remote IP entry to protect aginst IP spoofing.

Get iThemes Security Pro Now with 30+ Ways to Secure Your WordPress Website

iThemes Security, our WordPress security plugin, includes 30+ ways to protect your WordPress website, including enhanced WordPress password security, WordPress two-factor authentication, WordPress brute force protection and more.

Use coupon code AUGUST35 to
save 35% off everything site-wide through
August 31, 2017 @ 11:59 p.m. (CDT).*

Get iThemes Security Pro

The post New! Introducing WordPress Security Check Pro in iThemes Security Pro appeared first on iThemes.

Powered by WPeMatico

Canadian Web Hosting [Ad]

PHP Object Injection Vulnerability in Leaky Paywall

https://www.pluginvulnerabilities.com/2017/08/17/php-object-injection-vulnerability-in-leaky-paywall/

We recently started proactively monitoring for evidence of some high risk vulnerabilities when changes are made to WordPress plugins and if we had more customers we could expand the proactive monitoring to more types of vulnerabilities. One of the types of vulnerabilities we are looking for are PHP object injection vulnerabilities since those are likely to be exploited if hackers become aware

Powered by WPeMatico

Settings Change Vulnerability in Asgaros Forum

https://www.pluginvulnerabilities.com/2017/08/16/settings-change-vulnerability-in-asgaros-forum/

One of the ways we make sure we have the best data on vulnerabilities in WordPress plugins is by monitoring the WordPress Support Forum for threads possibly related to those. Through that today we ran across a thread started earlier today that seemed to indicate malicious .php files were being uploaded through the Asgaros Forum plugin.

Looking over the plugin we found

Powered by WPeMatico

Canadian Web Hosting [Ad]