Process Street logo
  Edit
Uncategorized
ithemes security checklist
ithemes security checklist

ithemes security checklist

This checklist begins with the assumption that you have clicked on the Security link on the left hand admin menu region in your WordPress Admin Dashboard to open the iThemes Security menu.
1
Before you begin, make a full backup of your WordPress site.
2
Whitelist your IP address in the Dashboard area.
3
Click on the Settings Tab at the top menu area.
4
Check the option to “Allow iThemes Security Pro to write to wp-config.php.“
5
Verify that your email address is correct.
6
Check the box next to “Send digest email” to cut down on notification emails.
7
Click Save All Settings button at the base of the Global Settings section.
8
In the 404 Detection section, check the box next to “Enable 404 detection.“
9
Click Save All Settings button at the base of the 404 Detection section.
10
In the Banned Users section, check the box next to “Enable HackRepair.com’s blacklist feature.“
11
Check the box next to “Enable ban users.“
12
Click Save All Settings button at the base of the Banned Users section.
13
In the Brute Force Protection section, enter your email address in the field next to “Get your iThemes Brute Force Protection API Key.“
14
Check the box next to “Enable local brute force protection.“
15
Click Save All Settings button at the base of the Brute Force Protection section.
16
In the Strong Passwords section, click the box next to “Enable strong password enforcement.“
17
Click Save All Settings button at the base of the Strong Passwords section.
18
Check ALL THE BOXES in the System Tweaks section.
19
Click Save All Settings button at the base of the System Tweaks section.
20
In the WordPress Tweaks section --
21
Also in the WordPress Tweaks section, set the drop-down box in the XML-RPC section to Completely Disable XML-RPC.
22
Click Save All Settings button at the base of the WordPress Tweaks section.
23
Click on the top Pro tab and in the Malware Scan Scheduling section, check the box next to “Enable scheduled malware scanning.“
24
Make sure the “Email Contacts” are going to the people you want to receive alert notifications.
25
Click Save All Changes button at the base of the Malware Scan Scheduling section.
26
In the Two-Factor Authentication section, check one or more of the boxes in the “Enable Two-Factor Providers” section.
27
Follow the video to see the full demonstration on how to work with two-factor authentication.
28
Click the Save All Changes button at the base of the Two-Factor Authentication section.
29
Check to make sure your WordPress site is working as desired.
30
Make a new full backup of your WordPress site.