Best recommended settings for WordPress iThemes Security plugin
Best recommended settings for WordPress iThemes Security plugin (formerly Better WP Security) – tried and tested.
Before you go on, please note that i am in no way affiliated with the iThemes Security plugin, nor do i provide support for it. By using this plugin you are responsible and liable for your actions. These settings are my recommended preferences for me, and may not work for you or your sites.
Once iThemes Security is installed, carry out the one-click security to allow the plugin to choose initial minimum settings. Once you have done this, navigate to Security > Settings.
My chosen settings are (from top of page to bottom):
- Lockout Period = 360 minutes
- Enable 404 detection
- Enable File Change detection
- Email file change notifications
- Display file change admin warning
- Enable the hide backend feature
- Enable strong password enforcement
- Protect System Files
- Disable Directory Browsing
- Remove File Writing Permissions
- Disable PHP in Uploads
- Disable login error messages