Further articles of the series
Security Plugins for WordPress: #1 Security is important
Security Plugins for WordPress: #2 Wordfence Security
Security Plugins for WordPress: #3 iThemes Security
Security Plugins for WordPress: #4 NinjaFirewall
Security Plugins for WordPress: #5 Sucuri Security
Security Plugins for WordPress: #6 All In One WP Security
Security Plugins for WordPress: #7 VaultPress
Popular and professional
Directly after Wordfence Security follows the iThemes Security Plugin, at least if I would sort them by downloads. They are basically completely unimportant, but they give you a first indication of the quality of an extension, because most of the time you only use what works decently or proves to be durable. From iThemes Security so I'm promising myself a lot, but maybe in the end it's just a dazzler like Wordfence.
A plugin which can do a lot of things, but never really brings the great added value compared to the performance etc. Above all, iThemes Security seems to be more professional, because it is more nicely designed and the general hints and texts are clearer to understand. So instead of beating me to death with lines of text, iThemes Security really takes me by the hand and shows me exactly what I can do to make my website more secure. The first impression is therefore already very good, but the details will show how good iThemes Security for WordPress really is.
Beginner-friendly security plugin
What I immediately like about the Security Plugin is that it is very well thought out and beginner friendly. Immediately after installation, iThemes Security recommends that I first create a backup of the most important files etc. before I destroy my installation or make incorrect settings. That's the way it should be, because beginners in particular often destroy their WordPress installation with the odd plugin, especially if the settings affect the system deeply.
iThemes Security makes this almost impossible, at least if the user follows the instructions and actually takes them seriously. Apart from that, the aforementioned tour starts right after the installation, because as I said before: iThemes Security really takes me by the hand and guides me through its settings. So the plugin lists me relatively early on what I can do about theme security and what I should do.
Everything is provided with further information and therefore very easy to understand.
Safety for beginners and advanced students
In the settings iThemes is then quite extensive. With just one click I can switch my whole WordPress website to SSL, alternatively I can protect only the login via SSL. The database can be secured automatically if desired, so automated backups also ensure data security, not just the security of WordPress itself.
The ease of use for beginners is still a central theme of the plugin, because even standards such as directory browsing or directory search, which advanced users can already access via .htaccess can be activated quickly and easily with iThemes Security. The prefix for the database is also changed in no time at all, admin users are simply renamed, the WP content folder is also renamed, and much more. Virtually everything is offered, from the standard to the higher security level.
Security without one line of code
For me the absolute highlight of the plugin is the function to block the whole login for a certain time. I like the idea alone very much, because IThemes is mainly meant for holidays etc. If you are on the road for a few days, weeks or longer and don't want to risk a break-in, you can simply block the admin of WordPress completely for this time. Sounds pretty good to me and can even be extended, because iThemes Security can also change the URL for the actual login.
Sure, there are other ways to do this, but with iThemes, it's all on board and you can't say it often enough, especially for beginners, the extension is worth its weight in gold, because they don't know about the alternatives or can't really get along with real code. iThemes makes it easy and every Wordpress user, really everyone, can activate a few security rules and additional barriers with the plugin without having to deal with snippets, PHP, or other lines of code.
No active protection and no firewall
Despite the fact that iThemes Security, just like Wordfence, is overloaded in my opinion, the extension runs surprisingly smoothly and seems to have been programmed very cleanly. Where Wordfence noticeably paralyzes the server, iThemes is noticeable but not necessarily negative. But iThemes Security doesn't have its own firewall for WordPress and therefore doesn't actively protect against incoming attacks or annoying bots and crawlers.
It is more a plugin that contains a collection of useful security rules that can be activated automatically by clicking on them. This is not wrong of course, but it makes the plugin almost worthless for all experienced users, because they prefer to activate such things without a bloated plugin. So iThemes Security is primarily intended for newcomers, but in the end it does not offer any active protection, but only serves as a precaution.
Conclusion on iThemes Security
iThemes Security is available free of charge, but can be extended with a Professional license. This starts from 80 euros and includes additional features. Amongst other things, the Pro version of iThemes Security includes two-factor authentication, malware scanning, logins logs and much more. For me, iThemes Security does not have any real highlights apart from the time-lockable WordPress Admin. The plugin is a nice collection of security settings and for beginners it's certainly quite nice, but there is no real effective firewall, no detailed scan and therefore only limited protection against actual attacks.
For beginners, however, iThemes Security may be worth its weight in gold, because they can activate a few fixes with the plugin without having to know anything about it and are clearly told what else they can do about security. As a permanently activated extension, iThemes would be too bold and unnecessary for me, so I recommend that you pay a little more attention, learn and implement the settings without the plugin.