How To Secure Your WordPress Websites with iThemes Security - 2021 Tutorial
Vložit
- čas přidán 10. 07. 2024
- 🛑🛑🛑 This video is outdated, check out 2024 version: • Secure Your WordPress ... 🛑🛑🛑
Learn how to secure your WordPress website by using a FREE plugin called iThemes Security. In fact, I use it on all of my and my client websites!
👇🏻👇🏻👇🏻 Start here 👇🏻👇🏻👇🏻
Do you want to support my channel? Leave a like or buy Divi / Elementor Pro with 10% discount via the link below. That will help me enormously to create these free videos for you and keep going!
⇒ Software that I recommend:
✅ Divi 10% discount ⇒ wp.discount/divi-discount/
✅ Elementor Pro ⇒ wp.discount/elementor-pro-dis...
✅ SiteGround 70% discount ⇒ wp.discount/siteground-discount/
✅ WP Rocket 10% discount ⇒ wp.discount/wp-rocket-discount/
I want you to succeed with your website, so lets get started.
⏱️Timestamps⏱️
0:00 Intro
0:25 Installing iThemes
0:50 Setting up the plugin
14:53 Advanced settings
19:35 Important things to do
20:16 Setting up two factor authentication
✅For tips and tricks on getting the most out of Divi and WordPress, don't forget to subscribe: wpressdoctor.com/sub
📖Transscript📖
Hey guys what's up? You don't want to get hacked, so let's get started by securing your WordPress website. And in this video we will be securing my latest website which you can see in this tutorial which shows you how to exactly create this awesome website. So be sure to check that out. So first we go to login to the dashboard, and then you go to 'Plugins' - 'Add new'. Because the only plugin we will need is this one: "iThemes Security", just press Enter. And this is a completely free plugin. They have a pro version but for now the free version is perfect. press 'Install Now' and then we press 'Activate'. Now our plugin has been activated. So the first thing we're going to do is we're going to press this 'settings' button right there. Do you have a webshop? You have a Network website with a forum for example? Do you have a nonprofit website with donations? Do you have a blog with a lot of interactions with comments? Do you have a portfolio just with a lot of pictures for example, or do you have a brochure website: a simple website to promote your business. Well choose the one that fits you. Why? Well, because there are different features going to be enabled if you choose a different one. Because for eCommerce we need different security settings than for a brochure. We are now going to use the brochure website: simple website to promote your business. We are setting the website up for ourself. And yes, I want to enforce a password policy. Why is this? Well, the entire security of your website could be compromised with just a weak password. So guys, this is really important. Use a strong password. Press 'Next'. The next step is enabling two factor authentication. This is powerful. If you enable this combined with your strong password, then your website is pretty much unhackable through the front gate. So if you enable this - let's push on this button- then you need a app on your mobile phone or a text message or anything else that will prevent users from logging in without using a second authentication factor. This is great. So we're going to enable this and we're going to press 'Next'. You want to keep this enabled. This is just when people try to login they have guessed your username right and they trying to login by guessing your password. Well, it's pretty hard if you don't have your mobile phone with authentication, it's pretty much impossible. But if they're trying to do so they will be locked out when they try five or six times. Also network brute force protection is all IP addresses will be scanned throughout a database so they know exactly who to block and who not. So press 'Next' on this one. And if you want a security check pro just when I said, enable this one because this is a powerful feature. Press 'Next'. Now this is useful if you have different authors on your website. If you're the only one, just press 'Default'. If you are the only one using your website, you can press 'Skip user groups'. If you're not the only one and you have multiple people work on your website. You can actually configure this per user. So let's say you're the administrator and you have a couple of editors or authors and you don't want the editors and the authors to change the iThemes Security settings. So you can disable the global settings in a security dashboard for that group of people. It is very very useful. We don't have different user groups on this website. So you can press 'Skip user groups'. If you don't have any other people who are going to your website, press 'Recommended configure site'. This is the place where you can add your IP address to WordPress security so you will be never blocked out of your website.
📖 Read the rest of the transcript at www.wpressdoctor.com/uncatego...
#WordPress #Security #iThemes
Hi guys check out this 🛑UPDATED VIDEO 2023 👉🏼 right here: czcams.com/video/P-Mmv-Zv9Hc/video.html Its completely up to date!
Thank you very much, Doc. I followed all yr steps. Now my site is secured. Thank you.
Hi Khethiwe, I'm happy I could help you out! I hope my other video's will also add something to your skillset and knowledge! Have a great day!
Just want to take a minute to appreciate your channel and your content. You make this content simple, clean, and easy to understand. Thank you a lot 🙏
Hi Anna! Thank you very much for your kind words. You made my Christmas Day 👍🏻😀 if you get stuck somewhere, don’t hesitate to leave me a comment. Thanks and happy holidays!
I found this so extremely helpful. Truly. Thank you so much!!
Hi Tasia! I’m glad the video was useful! Have a great day and if you have any questions, let me know!
this video is very helpful as it has everything you need to build a free website . THANK YOU🙂
You are very welcome!! Yes if you have hosting and the Divi theme you are all set 😀
Great, there are just no words ...
thank you so much!
Thanks again man 😀 you are very welcome!
Thanks. Keep doing the good work.
Thanks again! Really appreciate it 👍🏻😀
Great job, dude! Thanks a lot 👍
You are very welcome! Thank you for writing a comment. Really appreciate that! Please consider a like and subscribe or maybe a share for my video, that would help me a lot! If you want a free website review and audit, check wpressdoctor.com/audit
thanks dude your video is awesome now i know exactly what should i do after finishing any WordPress website to secure my website
That’s great! Thank you very much! I’m happy the video helped you out 😀👍🏻
Thank you! 💪🏻🚀
You are very welcome! I’m glad the video was useful. I hope my other video’s will also add something to your knowledge and skillset! Getting the word out there with your like and subscribe, and possibly a share would be much appreciated. Have a awesome day! If you want a free website review / audit, check wpressdoctor.com/audit
GREAT! AND GREAT! Thanks a lot!
You are very welcome!! I’m glad it was useful! 😀👍🏻
Thank you very informative & helpful 🙏
Thanks for letting me know! I’m glad you liked it 👍🏻😀
Thank you for this really helpful video
You are very welcome! It makes me happy to read your comment, thank you for taking some time to write me. I hope my other video's are also useful for you. Getting the word out there with your like and subscribe, and possibly a share would be much appreciated.
This is the greatest work ever thanks man
You are very welcome! Thank you for writing a comment. Really appreciate that! Please consider a like and subscribe or maybe a share for my video, that would help me a lot! If you want a free website review and audit, check wpressdoctor.com/audit
What a great tutorial ... Thanks
You are very welcome, it makes me happy to read your comment, thank you for taking some time out of your day to write me! Your like and subscribe would be very helpful if you haven't already done so. Social shares of the video are awesome as well.
Thank you so much!
Thank you for your kind words! Really appreciate that! Please consider a like and subscribe or maybe a share for my video, that would help me a lot! If you want a free website review and audit, check wpressdoctor.com/audit
Thanks very useful video
Thank you for your kind words! Really appreciate that! Please consider a like and subscribe or maybe a share for my video, that would help me a lot!
Awesome video
You are very welcome! Thank you for writing a comment. Really appreciate that! Please consider a like and subscribe or maybe a share for my video, that would help me a lot!
awesome!
Thank you for the compliment 👍🏻😀
Thank you Doc. Can you please make a video about ACF? I like your style of teaching.
Hi Cecil! Thank you very much 😊 I will make a video about tha in combination with Divi 😍 it’s on my list! Have a awesome day!
Very helpful video
Thank you very much! 😊 I’m glad you liked it!
Wow thanks so much! really helpful! Will try this out tomorrow😂
Excellent! Let me know how it goes and don’t hesitate to ask if things go off the rails. Have a awesome day!
@@WPressDoctor Thanks so much! yes the 2 factor authentication is not working the way it's supposed to. After scanning the code with Google Authenticator and entering the code - it keeps going back to the "Select Methods. Choose the Two-Factor methods you'd like to use when logging-in." page☹
Hm that’s odd! You can always ask iThemes support, maybe they can shine there light on the subject!
@@WPressDoctor okay I will give that a try, thank you.
thank you, very useful. can you make a video about SEO?
Thank you very much! There is one already; let me know if it’s useful! czcams.com/video/fJYvFdE9PCs/video.html
thanks for such a great video detailing all the features, one feature I was waiting for you to mention though was enabling SSL; does iTheme not have that available? And if so can you please explain how to enable it, please? Thank you in advance.
Hi Peterson, thank you very much for your kind words. Well the SSL is enabled first of all by your hosting company, and the IThemes Security plugin only can force users to use it. To do that: You can enable this feature by typing "SSL" in the Security Search Bar, or by going to
(1) Features > (2) Utilities > (3) Slide the tab to Enforce SSL.
I hope that helps you out! Let me know if that is what you are looking for. Your like and subscribe would be very helpful if you haven’t already done so. Social share of the video would also be highly appreciated!
Doc you are really professional and i love your videos and suggestions! Grazie mille. millions of stars
Thank you very much Siliva, thats very kind of you! It always makes me happy when I could help you out 😀
Nice one. Helped me understand iThemes Security much more. And what about its Tools section? :]
H there, You are very welcome! Great, I havent talked about them indeed. Its a bit tricky to change things on a Running website, please only use the tools on a NEW installation without any content. Changing user ID for example - I have it seen gone wrong. Database changes are also a bit tricky. Other things are fine to change. Good luck! Like and subscribe would really be helpful if you haven’t already done so 👍🏻😀
i love your content, i have a question, if I'm managing website for a client, it is better to use my own email or my clients email?
Thank you for your kind words, makes me happy that you love the content ☺️. It’s better to use your own email as the client wants you to manage it all (that’s where he is paying for I assume). So don’t bother him with emails from WordPress 🙂
Great tutorial, thank you!:) Is it possible to change the type of website later if you need to?
Thank you very much! Yes of course! It is a bit hidden in the options but it’s possible. It doesn’t really make a lot of difference to the options, but it’s possible!
@@WPressDoctor Great, thank you for the quick reply!:)
You are welcome!
This was very helpful thank you, but i don’t have enforce ssl in utilities for some reason. Any advice?
Hi there! Yes you can use “really simple SSL” as a extra plugin 👍🏻😀 But if you are totally over ssl you don’t need it 😊 Check if you have the padlock in your browser 🔒
Thank you some much!!
Your welcome, hope it does the trick for you!
Hi there i have had an error while i was trying to exclude some folders for the file changes: ".types should be array" what am i supposed to do? thanks a lot
Hi Silvia, that is weird! Sounds like you selected some folders that were giving a error. Just try to select only folders that are used by WP?
Hello, great video. I wonder what is the take on performance of ithemes on a server? And how does it compare to Wordfence? Thanks Wordpress Doctor.
Thank you for your comment! Really appreciate it. I run it on all my client websites and I don’t see any performance problems whatsoever. Wordfence lacks the hidden backend feature and some other things, I don’t like the look & feel, but further it’s almost the same. 😀
@@WPressDoctor ok, thanks!
Hello WPress Doctor, It would be great if you could make a separate video for ecommerce website settings for ithemes security
please also make a video on how to secure payment gateways in the ecommerce website
Great idea! I’ll put it on my list 😀👍🏻
Informative video. What are your suggestions on Wordfence plugin?
That it lacks a feature to hide the backend. Also, I don’t like the interface 😀👍🏻 I have had instances where the website still got hacked while WordFence was in place. That’s why I prefer IThemes. It has a 100% not-breached score with my clients 😀
@@WPressDoctor You are right. My website was hacked but Wordfence was present. I cleaned the website with the help of your malware removal video. Wpress doctor is real doctor for WordPress deceases. I have no words to give appreciation for your extraordinary work.
Thanks man, really appreciate your kind words! If your interested, I can review and audit your website for free. Checkout wpressdoctor.com/audit/ to submit your website 😀👍🏻
@@WPressDoctor That's great.
Great explanation. However, you did not cover how to style the Authentication Page. I have a custom login page styled in Elementor, but when it moves after the password to the Authentication Page it shows to vanilla WordPress login styling. How do I fix this, please?
That is a very good point! I might make a new video about that specific thing 😀👍🏻 Thanks!
@@WPressDoctor I wanna know that as well. This aplies to the 2F pages too, as those pages have the vanilla styling.
Thank you for this tutorial. How can we change the login url for users who subscribe/login? Thank you!
Hi there! You are very welcome! Users that subscribe could use the same URL you created or you can create a special login page for them. This can be achieved with every major member plugin 👍🏻😀
Great video, what I didn't understand though is, why you said that if you don't visit your website much, or change it a lot, you need more backups (360, every day of the year you said). Shouldn't that be the case for a website that changes and evolves a lot, like an affiliate marketing website ?
Hi Aditya! The less you see your own website, the more backups you need. Because when you work on it everyday, you immediately see that there is something going on. Then you can just go to the last backup. But when you don’t see your website a lot, the last backup may also been compromised 😀👍🏻 did I answer your question? If you like to have 365 backups a year, please do so 😍 better to be safe than sorry 👍🏻
What about an e-commerce affiliate website site that has a blog too? I’m not selling my own products, should I have selected e-commerce or blog? I selected blog 🤦🏽♀️. I also liked and subscribed ☺️
I am grateful to hear that my WordPress tutorial is useful for your needs. You did good and selected the right option! The ecommerce is only when you really sell your own products with WooCommerc for exacmple. Reach out to me if you have problems, I will gladly help you find a solution. A like, subscribe, and/or share really help others find my video, so if possible help me 😀 If you want a free website review and audit, check wpressdoctor.com/audit
thank you. what happens if your website is using Cloudflare? Do you write Cloudflare IP address?
Hi there and thanks for your question. Nope, just keep the normal IP address from your host 😀👍🏻 Have a great day and stay safe!
👏@@WPressDoctor
Great information as always. quick question: I follow your steps for the two-factor authentication, logged off signed in, and set up authenticator, logged off again, cleared cache, history and changed location on my VPN, and tried to log in again, and is NOT asking for the additional authentication, takes me right into the WordPress dashboard. Maybe I missed something, not sure what is going on.
Hi Pedro! Thanks for your question and good job in securing your website!! The 2 factor should work indeed. When you turned it on in iThemes, try also to turn it on on your Profile page, that might do the trick!
@@WPressDoctor AWESOME Doc... it worked! Thank you - Semper Fi
You are very welcome! I’m glad you got it fixed 😀
so if we followed your same steps then will we see security lock on our website like we see if we get ssl certificate
Hi Muhammad, no you will not get a SSL certificate using IThemes. The certificate has to come from your host 😀
Hi Doctor, i have installed iTheme on a new website and i have received a filechange warming with 7246 added file!!!! how can i check it to see if all is ok or not? THANKS A LOT.Sj Can you help?
Hi there! That could be a problem but what I think is that is the normal file count at the start of iThemes. It also could be that updates has taken place OR your caching system cleared the caches. You could email me a report at the@wpressdoctor.com and I can quickly see if it’s malware or just normal operation. You can export the log files of iThemes.
can i use ihemes security with Jetpack
Hi Njomi! Sure you can! But you have to keep the XML-RPC enabled, or else jetpack won’t work anymore. I’m just curious, why do you use the jetpack plugin? Love to hear from you, have a great day!
Hey I am creating my website for my portfolio so there will be strangers (customers that i dont know). so which group settings should i choose and also i dont want any login system the website is only a showcase of myself so no need of login system. can you please help me with the settings please??
Hi! Thanks for asking! You could use the exact same settings as I used in the tutorial. No worries mate, that’s perfect for your solution! 😀 Let me know if you need more help!
@@WPressDoctor Thanks but my "Contact Me" option got some problem. When I visit my website (through another device for testing), and send a test mail in contact me, it says "there was a problem sending your message please try again". Can you help me with that?
Well that has to do with other things. What theme are you using and what kind of contact form for example 😀👍🏻
@@WPressDoctor I used "arrival me" portfolio theme. The contact form has 3 options, First name, mail & type here...
Hm 🧐 I never heard of that theme before. My advice would be to contact the theme developers. They can surely help you out!
Thank you for this awesome video! I have set up the two factor authentication, but when I login it only asks for my username / password and it automatically logs me in. I can't seem to understand why this is?!
Hi there! You are very welcome 😀 it might Be that you still need to activate it under “users” -> “profile” and there all the way to the bottom you can check a box 👉🏻
@@WPressDoctor that was it! Thank you.
You are very welcome!
Hi, I changed the login slug exactly as you did but when I am unable to reach the new page. When I am writing my new login slug in the URL, I get the error "ERR_TOO_MANY_REDIRECTS", what can I do to resolve that?
Hi Paul! That is annoying! You could try opening your website in a incognito or private screen. It may be that caching is the problem. Once logged in, clear the cache. If you cannot acces your website anymore, use FTP to troubleshoot, I am doing this for IThemes in this tutorial: czcams.com/video/wRD5Zhu8Ids/video.html
@@WPressDoctor Hi thank you for the link! Good to know that "wp-better-security" is the same as "ithemes" in the plugin folder of the server. Basically, I just renamed the file, and then I deactivated the "hide backend" option. It seems to me that I had already a plugin doing that so both could not work together to do the same.
Ah great you got it figured out! Thanks for letting me know 😀👍🏻
Which do you prefer? Wordfence or ithemes Security?
Hi Rimon, I prefer iThemes! I really like the features and design but it lacks a malware scanner. IF you use strong passwords and 2 factor authentication AND you update everything, then malware could never be placed in my opinion. But what do you prefer?
@@WPressDoctor I believe in you and prefer ithemes Security as well. Thanks for you opinion Doc!
Your welcome! Just try them out yourself and see what works best for your websites 😀 Keep building those awesome websites!
im very sorry wpress doctor but ithemes security didnt really changed the login URL for my website but also broke the login URL wp-admin as well
Hi Mohan! That’s unfortunate. Try to disable the plugin using FTP. If you don’t know how, check out this tutorial, it’s free: czcams.com/video/wRD5Zhu8Ids/video.html
I followed every step until the one you logged out but now i can;t log in anymore it says to many redirects :( Does anyone know maybe what to do? It says delete your cookies i did that also the SLL certificate is right on my website. Now i cannot login anymore
Hi Laura! Please check the ending of the newest video where I explain what to do when you have locked out yourself 😊 you can find it here: czcams.com/video/P-Mmv-Zv9Hc/video.html let me know if that solved it!
@@WPressDoctor No :( i can;t find file manager in my hosting dashboard
Then try to do it with FTP! Works like a charm 😀
What is the cost of the paid version?
Hi Kimberley! The paid PRO version costs $80 for 1 year.
Hi, is there a way to hide the Wordpress theme and plugins?
Wel you could give the user just rights for editor, that might help? Else a snippet would be useful and working!
@@WPressDoctor Thank you very much! Super fast reply lol. Is there also a way via the source code?
It must be somewhere yes, quick search is this plugin; wordpress.org/plugins/hide-admin-menu/ if you look closely to it you can grab the code needed 😀 or this maybe (not tested): wordpress.stackexchange.com/questions/319306/hide-theme-options-and-customize-admin-menu
@@WPressDoctor Thank you for the help Doc! Much appreciated!
You are welcome!
is this video still relevant or has iThemes changed and it needs updating?
Hi Anna, I have just created a new version yesterday! Planning to have it online tomorrow so it’s complete updated 👍🏻😀 Stay tuned!
i dont have cache folder in wp-content, where do i find it?
Hi Priya! If you don’t have one, than I think you don’t use a caching plugin and your all good 👍🏻
@@WPressDoctor Thank you for answering that question WPress Doctor, but what is your name? Anyways, I appreciate your help. I have two more questions, first is that mine is ecommerce platform, so i will need customers to create an account before checkout, and i have changed my wp-admin page to something else, so will they be able to see the link slug that i created when they register?
secondly, i still see wp-admin when i am logged in on my website, so will i always see that or does it mean that the new slug is not been properly done? Thank you in advance.
Your welcome. The WP-admin is always visible when logged in, that works as intended. You should create a new login page for your customers with a login module, that would work!
Did they take SSL off the free Version its not in Utilities
Hi Aaron, no it is right here: czcams.com/video/BqR4odrHIss/video.html I talk about it 😀
@@WPressDoctor I also do not have the Enable SSL version in the Utilities. I can search for it and it shows up in the results, takes me to Utilities and then it is not there. Any idea why that could happen?
It could be that you don’t use SSL right now? It has to be setup with your host
what is mean "make backup to your phone on your computer"?
Thank you for your question. I need some context, when in the video you see this?
@@WPressDoctor 21:43
In the end of the video
If I lost my mobile it will be a problem and then I have to make backup to my phone on my computer
I just don't get it, make backup to my phone and my website, that what you mean? Or backup to the server?
Oh haha, I mean a backup of your telephone. You can make a backup using iTunes (iPhones) or with a Android app if you have a android phone. Then place that backup somewhere save like on your computer 👍🏻😀
This takes care of the wp-admin but what about the wp-login
Thanks for your question! It also hides that one 😊
@@WPressDoctor It redirects mysite/wp-admin.php page but When I type mysite/wp-login.php it shows wordpress default login it doesn't redirect it.
I think it's because I have multiple users Author, Contributor, etc because the page shows even when I am logged in already
@@kelennaanyanwu5372 It does show when you are logged in, but after installing iThemes, clear your caches and open up your website in a private / incognito screen. This might do the trick 😊
Hi man can hide my theme and plug-in from whatthemeisthat
You can, but it depends on which theme you are using?
How to contact you if by email
You can try via the@wpressdoctor.com but it will take a while till I reply 😀
Okay man no worries I know you are busy 👨💼
I made the steps as you did, but I can't add new admin user (another admin) and editor
Hi there! That’s strange, why can’t you add a new user? Is it a self hosted Wordpress website or are you not a admin?
@@WPressDoctor thanks for reply
I realized the wrong was from me
Thank you
Great that you got it fixed! Well done 😀👍🏻
I followed through the steps and after I was done, I logged out of my admin dashboard, now I can't login again! someone please help me
Hi there! That doesn’t sound good. No worries, everything can be fixed. What do you see when you try to login again? What is your error message?
@@WPressDoctor thanks so much for the prompt response. I didn't change the wp-admin login but right now when I try login from wp-admin, it says no result found
Thats strange, it seems like it is actually changed, do you remember the new login url? Then use that 👍🏻😀 if you don’t, login with FTP or via your hosting to a ‘file manager’ and rename the IThemes folder to something like (broken). Then you can login again 👍🏻
@@WPressDoctor I never knew it will generate a new login url coz in the tutorial, u only mentioned that we can either change it or leave it at default(I didn't change mine so I didnt know I still needed to copy anything out. I don't know much about the second option u gave(ftp), I guess I have my hands ful now.
Once again, thanks for the response.
Ur welcome! Well it should not change it when not changed that option, so it’s kinda strange. But the fastest Way is to disable the plugin via a file manager at your host. Rename the IThemes folder and you can login again 👍🏻
hi sir, how to remove seo spam injection on website?
Hi Chris, well if there is no backup available and you have closed all open gates, then you could do a find & replace via database. If you don’t know how that works, then remove it manually. Could that help?
do you also have a video tutorial for this sir? I'm just a beginner 😭😭😭
we are using cpanel and wordpress, thanks in advance.
It has to be done from within WordPress, just edit every post/page
These settings locked me out of website
Hi Sarah! That’s not very useful! Did you change the login address? Did you add your own IP adres to the whitelist?
You could always go into FTP or with File Manager and rename the plugin folder to something like (broken) behind the name, than everything is back to normal 👍🏻😀
@@WPressDoctor I didn't change the login address as I didn't want to risk getting logged out of forgetting the login address, I felt it was a risk as a beginner. I added my IP to the white list as instructed.
thinking of using a different plugin as I'm a bit scared of it now. also worried me about the authentication code as the app had changed the code before I could save it....
And can you login now using /WP-admin/? After a few minutes you could try again 👍🏻
Nope, that didn't work... I can not login after I changed my slug (and yes, I wrote it down correctly, lol). I watched other tutorials describe the same process, so I'm sure it is a good explanation of the process, but is there a crucial file that may not be built-in in all situations?"
Well if IThemes cannot write a rule to htaccess that could be the problem 💡
Hello can you please help me fixing my website please send me a contact information thank you
Hi Nivine, yes I can help you, send me a email at the@wpressdoctor.com