Spotlight: How iThemes Manages Their Website Security

iThemes was one of the first premium theme shops for WordPress. Over the years their focus has expanded to include premium WordPress plugins that help website owners manage and secure their websites.

In addition to a suite of plugins and themes, iThemes is committed to providing education and training for freelance web designers & entrepreneurs. They offer courses, tutorials, and free ebooks to help people improve their websites and businesses. iThemes is one of the most highly respected WordPress shops around. With almost 10K followers, their Twitter bio expresses their commitment to the WordPress community.

Our goal: Make People’s Lives Awesome.

iThemes Security

Cory Miller is the founder of iThemes. In 2014, they expanded their plugin line to include a security plugin offering for WordPress, iThemes Security (formerly called Better WP Security). This plugin is one of the most popular security plugins in the official WordPress plugin repository, boasting over 800k + installations. For those unfamiliar, the iThemes Security plugin is an application utility security suite, designed to help self-service administrators configure and harden various elements of their installation. It is a complementary tool to the services that companies, like Sucuri, offer.

When iThemes found themselves hit with a compromise and subsequent attacks, they turned to Sucuri to take advantage of the security services we offered, which included our technical knowledge pertaining to incident response protocols and proactive cloud-based DNS mitigation of external attacks.

A while ago, we discovered that our site had been compromised. Our first instinct was to do two things:

  1. Notify our host.
  2. Contact our friends at Sucuri.

Once the issues were addressed,  iThemes successfully deployed the Sucuri Firewall to actively prevent any future attacks.

Protection Platform

Our virtual patching and intrusion prevention systems stop attacks against iThemes and filter out any bad traffic. This protection from the firewall is included in our Website Security Stack (WSS), which also offers continuous monitoring and unlimited malware removal requests for a 12-month period.

In the days and weeks following the discovery, Sucuri was able to help us assess what damage had been done, as well as protecting and monitoring our site behind their Web Application Firewall.

When iThemes looks at their Sucuri dashboard, they can see the number of blocked requests and a list of the top blocked threats:

Sucuri dashboard showing blocked threats
Sucuri dashboard showing blocked threats

Looking at the top 8 categories of threats, iThemes uses Sucuri to mitigate a large number of potential attacks:

  • 400,000 threats over a six-month period.
  • An average of 1.5 threats per minute.

They can also see if there is a spike in blocked requests to identify whether there are any targeted attacks:

Firewall stats showing allowed vs. blocked requests
Firewall stats showing allowed vs. blocked requests

Part of the Team

Cory recommends Sucuri to website owners who need a comprehensive security solution for their website. Sucuri is committed to staying on the forefront of website security research – this is the secret sauce that makes the Website Security Stack so effective. Sucuri also focuses on providing great customer service, and the company culture encourages the team to go above and beyond for each of our customers.

Cory regards Sucuri as an extension of the iThemes team:

Sucuri is an active part of our team and work alongside us to help protect our website. Being behind the Sucuri WAF, we see hundreds of attacks prevented every single day. We know that the only way to be 100% secure on the web is to shut down your servers and turn off your computer, but since working with Sucuri we know that if anything does happen, we’re in the best possible hands.

For more information on how we provide website protection and performance, visit our website and chat with our Customer Happiness team today.

Read the Full iThemes Case Study!

If you would like to be featured as our next customer case study, click the button above and fill in the form at the bottom of the page.

1 comment
  1. I also agree the same thing of iTheme Security, Protection Platform and Part of the theme are needed for website security. For the proper maintenance, the host notification and contact information are very essential for iTheme security. This article provides the good explanation of iTheme Security.

Comments are closed.

You May Also Like