In version 5.5, iThemes Security Pro is adding yet another layer of security to WordPress sites. It comes with various new features to protect WordPress from compromised user accounts including trusted devices, login alerts, and session hijacking protection.
Trusted Devices & Login Alerts
It’s a new way to monitor and identify the devices used to login to your WordPress websites. By adding security measures for unknown devices, you can lock down your WordPress sites and protect them from compromised user accounts.
If an unknown device wants to get access to your site, you will get notified of this attempt right in the WordPress admin bar. Then you can approve or deny devices right from the WordPress User Profile page. Optionally, you can also receive a customizable Unrecognized Login Notification email. For unrecognized sessions it is possible to restrict their admin-level capabilities to prevent them from editing their login details.
It also integrates with the “Remember Me” setting of the Two-Factor Authentication. That way, users won’t need to enter their 2FA code for the next 30 days on the current device.
iThemes Security Pro uses geolocation to improve the accuracy of identifying a trusted device. Simply use the free MaxMind database or a paid MaxMind GeoIP2 Precision: City account for a high level of accuracy.
Session Hijacking Protection
With session hijacking, also known as Cookie hijacking, hackers are able to take over control of your account while you are using it. However, iThemes Security Pro now provides you with an option to prevent session hijacking by checking that a user’s device does not change during a session.
If it changes during a session, the security plugin will automagically log the user out to prevent any unauthorized activity such as changing email addresses or uploading malicious plugins.
Current iThemes Security Pro, Plugin Suite & Toolkit customers will get their hands on the latest version as a free update.