Title: Solid Security – Password, Two Factor Authentication, and Brute Force Protection Author: StellarWP Published: 23 de Octubre de 2010 Last modified: 30 de Marzo de 2026 --- Buscar plugins ![](https://ps.w.org/better-wp-security/assets/banner-772x250.png?rev=2980272) ![](https://ps.w.org/better-wp-security/assets/icon.svg?rev=2980272) # Solid Security – Password, Two Factor Authentication, and Brute Force Protection Por [StellarWP](https://profiles.wordpress.org/stellarwp/) [Descargar](https://downloads.wordpress.org/plugin/better-wp-security.9.4.7.zip) * [Detalles](https://cl.wordpress.org/plugins/better-wp-security/#description) * [Reseñas](https://cl.wordpress.org/plugins/better-wp-security/#reviews) * [Desarrollo](https://cl.wordpress.org/plugins/better-wp-security/#developers) [Soporte](https://wordpress.org/support/plugin/better-wp-security/) ## Descripción #### Reduce el riesgo de tu sitio web WordPress casi a cero con Solid Security [Formerly iThemes Security. Looking for iThemes? Learn more here.](https://go.solidwp.com/wporg-security-ithemes) On average, 30,000 websites are hacked every day.* Cyberattacks in the US increased by 57% in 2022.** Bad actors who want to hack your site, steal your data, and cripple your business are a 24/7/365 threat. You need a proactive, strategic approach to WordPress website security that protects your site from brute force attacks, malware infections, and other cyber threats. [Solid Security](https://go.solidwp.com/solid-security-pro) shields your site from cyberattacks and prevents security vulnerabilities. It automatically locks out bad users identified by our Brute Force Protection Network that is nearly 1 million sites strong and leverages your own blacklist. It secures and protects your most commonly attacked part of your WordPress website – user login authentication. With Patchstack integration (Pro) protects your site before you even have a chance to address vulnerabilities and before a plugin or theme vendor or developer can even issue a patch. That’s 24/7/365 always-on truly Solid Security. #### 🌐 Asegura tu web en minutos The Solid Security setup and onboarding experience allows anyone to secure their WordPress website in under 10 minutes, regardless of technical acumen. Knowing that you have enabled all the right security settings for your website will leave you feeling like your site has never been more secure. #### 📚 Plantillas de sitios web de seguridad que se adaptan a tu tipo de web Enabling the correct security settings based on the type of website you are building or maintaining is essential for proper security. An eCommerce site requires a different level of security than a basic blog. Solid Security Site Templates make it quick and easy to apply the right security settings for your website. Choose from six different site templates to apply the type of security your site needs: 1. **Ecommerce** – websites that sell products or services 2. **Network** – websites that connect people or communities 3. **Non-Profit** – websites that promote your cause and collect donations 4. **Blog** – websites that share your thoughts or start a conversation 5. **Portfolio** – websites that showcase your craft 6. **Brochure** – simple websites that promote your business #### ⌚ Panel de seguridad del sitio web en tiempo real Every day, lots of activity is happening on your website that you can’t see. Many of these activities can be related to your site’s security, so monitoring these events is vital to keeping your site secure. The [Solid Security Pro](https://go.solidwp.com/solid-security-pro) plugin provides a real-time WordPress security dashboard that monitors security-related events on your site around the clock. The Solid Security Dashboard is a dynamic dashboard with all your WordPress website’s security activity stats in one place, including brute force attacks, banned users, active lockouts, site scan results, and user security stats (Pro). #### 🗝️ Seguridad de inicio de sesión en WordPress Setting up and maintaining proper WordPress configurations and managing user account access are essential aspects of hardening your site against threats and vulnerabilities. Basic and Pro include features that address both of these factors. * **Two Factor Authentication (2FA)** – Make your WordPress login nearly impenetrable to attack by requiring users to enter a security code along with a password to login. The Solid Security plugin allows you to add two-factor authentication to your WordPress login with several authentication methods, including mobile apps like Authy and Google Authenticator, email, and backup codes. * **Password Requirements** – Create and enforce a password policy for your users in less than a minute. * **reCAPTCHA** (Pro) – Stop bad bots from engaging in abusive activities on your website, such as attempting to break into your website using compromised passwords, posting spam, or even scraping your content. * **Passwordless Logins** (Pro) – WordPress security made easy. Secure your user accounts with 2fa & strong passwords while allowing real users login with a click of a mouse. * **Trusted Devices** (Pro) – Identify the devices you and other users use to block session hijacking attacks and limit Administrator privileges to Trusted Devices. * **Automated Vulnerability Patching** (Pro) – Solid Security Pro includes Patchstack which patches vulnerabilities before you have a chance to and applies fixes even before a plugin developer or vendor has issued a patch. Learn more about how [passwordless login is the future](https://go.solidwp.com/wporgpasswordless) and how Solid Security can help you implement it today. #### 👨‍👩‍👧‍👦 La cantidad adecuada de seguridad para cada nivel de usuario Different types of user levels require different levels of security. During the Solid Security setup process, you can identify your website’s key user groups. Once the different types of users are identified, you can apply the level of security that is just right for each user group. Here are a couple of examples of how User Groups are useful for securing your site: * **For Clients** – Let’s say you are configuring Solid Security on a client’s website. You will decide whether or not they are required to use two-factor authentication and if they should have access to the Solid Security settings. * **For Customers** – If you have an eCommerce website, you will decide whether or not you want to protect customer accounts with a password policy. **Privilege Escalation** (Pro) also adds a safe, secure way to grant temporary admin- level access to your website. #### 🤖 Bloquear Bots Malos & Prohibir agentes de usuario con bloqueos * **Ban Users** (Basic and Pro) – Permanently block repeat offenders from accessing your site. Local Brute Force Protection – Automatically identify and stop the most common method of attack on WordPress sites. * **Local Brute Force Protection** (Basic and Pro) – Automatically identify and stop the most common method of attack on WordPress sites. * **Network Brute Force Protection** (Basic and Pro) – The network is the Solid Security community and is nearly one million websites strong. If someone tries to break into websites in the Solid Security community, Solid Security will block them across the network. * **Magic Links** (Pro) – Security shouldn’t get in your way. Magic Links allow you to log in to your WordPress site while your username is locked out by the Solid Security Local Brute Force Protection feature. #### 🔍 Monitor Your Site’s Security Health * **File Change Detection** (Basic and Pro) – Solid Security logs changes made to your website that can help detect malicious activity on your website. * **Site Scanner (Basic and Pro)** – Schedule checks to run four times per day ( Basic) or hourly (Pro) for known vulnerabilities of WordPress core file, plugins and themes. Using the Google Safe Browsing API, the Site Scan also checks your Google’s blocklist status and will alert you if Google has found any malware on your website. * **Patchstack integration (Pro)** – Automated virtual patching of some vulnerabilities before you even have a chance to address them yourself, and before a plugin or theme vendor or developer can even issue a patch. * **Site Scanner** (Pro) – Unlock Version Management to automatically apply a patch to vulnerable software detected by the Site Scan when one is available. * **User Logging** (Pro) – Keep a record of user activity in your WordPress security logs, including login/logout, user registration, adding/removing plugins, switching themes, changes to posts and pages, and more. * **Version Management** (Pro) – The Version Management feature in Solid Security Pro allows you to auto-update WordPress, plugins, and themes. Beyond that, Version Management also has options to harden your website when you are running outdated software and scan for old websites. #### 🧠 Smarter, More Actionable Vulnerability Prioritization Not all vulnerabilities pose the same level of risk, and the traditional Common Vulnerability Scoring System (CVSS) score doesn’t always reflect the realities of running a WordPress site. Solid Security now uses the Patchstack Priority score, which goes beyond CVSS to provide a real-world risk assessment tailored to WordPress. It factors in how likely a vulnerability is to be exploited and its actual impact on your site. With Patchstack Priority, you get a clearer picture of what really matters, helping you focus on the vulnerabilities that pose the greatest risk, and worry less about noise from low-impact issues. #### 🛠️ Utilidades de seguridad para webs * **Enforce SSL** – Force all connections to the website to be made over SSL/TLS. * **Database Backups** – Create backups of your WordPress database. (Not a complete backup.) * **Geolocation** (Pro) – Improve Trusted Devices by connecting to an external location or mapping API. #### 🚀 Herramientas avanzadas de seguridad * **Identify Server IPs** – Prevent issues caused by inadvertently locking out your server IPs. * **Change User ID 1** – Change the user ID for the first WordPress user, potentially preventing attacks that assume the user with ID1 exists and is an administrator. * **Change Database Prefix** – Change the database prefix that WordPress uses, potentially preventing attacks that assume the database prefix is “wp_”. * **Check File Permission** – See the file and directory permissions of key areas of your site. * **Server Config Rules** – View or flush the server security rules generated by Solid Security. * **wp-config.php Rules** – View or flush the wp-config.php security rules generated by Solid Security. * **Change WordPress Salts** – Secure your site after a successful attack by changing the WordPress salts used to secure cookies and security tokens. * **Hide Login URL** – change the login URL of your site, making it harder for bots to find your login page and attack it. #### 🛟 ¿Necesitas ayuda? Free support may be available with the community’s help in the WordPress.org support forums. Our Solid Security support team provides top-notch technical support to all our Solid Security Basic users there. **[Our Help Center will help you become an iThemes Security expert.](https://go.solidwp.com/security-help-center)** Get additional peace of mind with professional support from our expert team and pro features to take your site’s security to the next level with Solid Security Pro. #### Recover From a Hacked Site Solid Security hace copias de seguridad regulares de tu base de datos de WordPress, permitiéndote volver a estar online rápidamente en caso de recibir un ataque o una brecha de seguridad. Usa Solid Security para crear y enviar por correo electrónico copias de seguridad con una programación personalizada. For complete site backups and the ability to restore or move WordPress to a new host or domain, check out [Solid Backups](https://go.solidwp.com/security-basic-solid-backups). #### Solid Central Integration Manage more than one WordPress site? Release lockouts and keep your themes, plugins, and WordPress core up to date from one dashboard with [Solid Central](https://go.solidwp.com/security-basic-solid-central). *Zippia. “30 Crucial Cybersecurity Statistics [2023]: Data, Trends And More” Zippia. com. Jun. 15, 2023, https://www.zippia.com/advice/cybersecurity-statistics/ **https://blog.checkpoint.com/2023/01/05/38-increase-in-2022-global-cyberattacks/ ### Licencia Publicado bajo los términos de la licencia pública general GNU. ## Capturas de pantalla * [[ * Customized onboarding configures your security settings to your needs * [[ * Panel de seguridad en tiempo real * [[ * WordPress Login Security with Two Factor Authentication * [[ * Firewall rules, Block Bad Bots, and Ban User Agents with Lockouts * [[ * Controla la seguridad de tu sitio web * [[ * Database backups help you get up and running again when the worst happens * [[ * Advanced Security Settings for power users * [[ * Automated vulnerability patching with Patchstack (Pro) ## Bloques Este plugin proporciona 1 bloque. * Solid Security User Security Settings ## FAQ ### ¿Por qué Solid Security requiere la última versión de WordPress? ¿Puedo usarlo con una versión un poco más antigua? * Una de las mejores prácticas de seguridad de un propietario de un sitio WordPress es tener el software actualizado. Debido a esto solo probamos este plugin con la última versión estable de WordPress y solo garantizamos que funcione en la última versión. ### ¿Frenará este plugin completamente todos los ataques a mi sitio? * No. Solid Security está diseñado para ayudar a mejorar la seguridad de tu instalación de WordPress frente a la mayoría de los métodos de ataque más comunes, pero no puede impedir todo posible ataque. Nada reemplaza la diligencia y las buenas prácticas. Este plugin hace que te sea un poco más fácil aplicarlas. ### ¿Es este plugin solo para nuevas instalaciones de WordPress o puedo usarlo en instalaciones existentes también? * While Solid Security can be installed on either a new or existing site, we strongly recommend making a [complete backup](https://go.solidwp.com/security-basic-solid-backups) of your existing site before applying any features included in this plugin. ### ¿Funciona este plugin en todos los servidores y hosts? * Solid Security requiere Apache o LiteSpeed y mod_rewrite o NGINX para funcionar. ### ¿Qué cambios hace este plugin que puedan romper mi sitio? * Solid Security hace cambios significativos a tu base de datos y otros archivos del sitio que podrían ser problemáticos en sitios WordPress existentes. De nuevo, te recomendamos encarecidamente hacer una copia de seguridad completa de tu sitio antes de usar este plugin. Aunque es raro que haya problemas la mayoría de las peticiones de soporte suelen tener que ver con no haber realizado antes de la instalación una copia de seguridad adecuada. CESIÓN DE RESPONSABILIDAD: Bajo ninguna circunstancia ofrecemos este plugin con garantía alguna, implícita o de cualquier otro tipo. No podemos asumir responsabilidades por cualquier daño que pueda surgir del uso de este plugin. ## Reseñas ![](https://secure.gravatar.com/avatar/6d548bccf241c8f2ad97f6db6e182d15fd27c363f6477af423d953eb93cae9cc? s=60&d=retro&r=g) ### 󠀁[Crashes Website, No Support For Free Version.](https://wordpress.org/support/topic/crashes-website-no-support-for-free-version/)󠁿 [michaelpd](https://profiles.wordpress.org/michaelpd/) 27 de Marzo de 2026 Woke up to our customer’s website going down. Found out that the htaccess and wp- config files were both blank, completely empty. Everything is up to date (WP, Theme, Plugin, PHP). Restored those two files and deactivated this plugin, everything appears to be working normally. Solid Security doesn’t have any support unless you’re a paid PRO customer with a login. Terrible customer support. ![](https://secure.gravatar.com/avatar/fb5a2afd0a9c8b27691d4243e184156da9eba56b4246d831fe87f8dc7b0fefd7? s=60&d=retro&r=g) ### 󠀁[Solid Security Breaks Vimeo Gallery Portfolio](https://wordpress.org/support/topic/solid-security-breaks-vimeo-gallery-portfolio/)󠁿 [noa2noa](https://profiles.wordpress.org/noa2noa/) 21 de Febrero de 2026 3 respuestas I’m using the Vimeo Gallery WordPress plugin to display my Vimeo portfolio on my website. After installing Solid Security, my portfolio stopped loading completely. Because I can’t afford to have my portfolio offline, I removed Solid Security. The gallery started showing again, but as soon as I clicked on another portfolio item, it would freeze. In the end, I had to restore a backup of my website to fix everything. There may be a configuration that resolves this, but I couldn’t figure out what was causing the conflict. I’m sure Solid Security is a solid plugin overall, just sharing this so other Vimeo Gallery WordPress plugin users are aware of a possible issue. ![](https://secure.gravatar.com/avatar/d2e2ec68c37b31b8c6a8f44a7e49a6575fa7e826664595d01fe9edc859ea5994? s=60&d=retro&r=g) ### 󠀁[Excellent plugin, looking forward to PHP 8.4 compatibility](https://wordpress.org/support/topic/excellent-plugin-looking-forward-to-php-8-4-compatibility/)󠁿 [Reponse Studio](https://profiles.wordpress.org/branddavid/) 17 de Diciembre de 2025 Great plugin overall, very solid and reliable in production. When testing PHP 8.4, I’m seeing repeated deprecated notices (implicit nullable parameters) coming from Solid Security that can interfere with REST/AJAX responses in the admin. Everything is stable on PHP 8.3, so this looks like a PHP 8.4 compatibility gap rather than a configuration issue. A future update addressing PHP 8.4 deprecations would be highly appreciated. Thanks for the continued work on this plugin. ![](https://secure.gravatar.com/avatar/445a91df3bb95a5dd421f95cda74d5f2ef283eff39390d11ec25786bc1eeec9b? s=60&d=retro&r=g) ### 󠀁[CSS problem](https://wordpress.org/support/topic/css-problem-106/)󠁿 [Ilya](https://profiles.wordpress.org/sarbash/) 12 de Octubre de 2025 By using next CSS rules .auto-fold #wpcontent { padding-left: 0;}#wpcontent { padding- left: 0;} you break original Wordpress CSS #wpcontent { height: 100%; padding-left: 20px;} ![](https://secure.gravatar.com/avatar/b5a48a8a6526d14af6f77691c2e3c8995f94c7aba2dced1956da398dc0101c85? s=60&d=retro&r=g) ### 󠀁[from happy to VERY disappointed](https://wordpress.org/support/topic/from-happy-to-very-disappointed/)󠁿 [jongveronique](https://profiles.wordpress.org/jongveronique/) 4 de Octubre de 2025 1 respuesta I used to be very happy with the plugin. It did exactly what it needed to do, even if setup was a bit of a challenge.Now it broke one of my sites 3 weeks in a row. First an empty wp-config file, then an error in the .htaccess (with 2 sites) and this week only the homepage of the site was live and all others were nowhere to be found (404). I deactivated this plugin and all of a sudden the pages had returned. I am afraid I’ll have to look for another security app. ![](https://secure.gravatar.com/avatar/23ba52d853e14bf27a82bbfd727169d5b9f81817f44f6ef3a3d93a4b53e77e63? s=60&d=retro&r=g) ### 󠀁[Reliable Security You Can Count On](https://wordpress.org/support/topic/reliable-security-you-can-count-on/)󠁿 [Asif Hossain](https://profiles.wordpress.org/asifhossain1/) 29 de Agosto de 2025 This plugin makes website protection simple with real-time monitoring and automatic blocking that works quietly in the background. I feel more confident knowing threats are stopped before they cause damage. The cost of the premium plan could be a hurdle for smaller projects but the features are impressive. [ Leer los 3,982 comentarios ](https://wordpress.org/support/plugin/better-wp-security/reviews/) ## Colaboradores & Desarrolladores “Solid Security – Password, Two Factor Authentication, and Brute Force Protection” es software de código abierto. Las siguientes personas han contribuido a este plugin. Colaboradores * [ StellarWP ](https://profiles.wordpress.org/stellarwp/) * [ iThemes ](https://profiles.wordpress.org/ithemes/) * [ Timothy Jacobs ](https://profiles.wordpress.org/timothyblynjacobs/) * [ Lisa Canini ](https://profiles.wordpress.org/lisacee/) * [ SolidWP ](https://profiles.wordpress.org/solidwp/) “Solid Security – Password, Two Factor Authentication, and Brute Force Protection” ha sido traducido en 24 idiomas. Gracias a [los traductores](https://translate.wordpress.org/projects/wp-plugins/better-wp-security/contributors) por sus contribuciones. [Traduce “Solid Security – Password, Two Factor Authentication, and Brute Force Protection” a tu idioma.](https://translate.wordpress.org/projects/wp-plugins/better-wp-security) ### ¿Interesado en el desarrollo? [Revisa el código](https://plugins.trac.wordpress.org/browser/better-wp-security/), echa un vistazo al [repositorio SVN](https://plugins.svn.wordpress.org/better-wp-security/), o suscríbete al [registro de desarrollo](https://plugins.trac.wordpress.org/log/better-wp-security/) por [RSS](https://plugins.trac.wordpress.org/log/better-wp-security/?limit=100&mode=stop_on_copy&format=rss). ## Historial de cambios #### 9.4.7 * Bug Fix: Prevent email retry loops by ensuring the scheduled notification properties are saved. #### 9.4.6 * Enhancement: Update Patchstack details for existing vulnerabilities. #### 9.4.5 * Tweak: Ensure generated Nginx config rules are valid for customized directory structures. #### 9.4.4 * Tweak: The Solid Security Basic and Solid Security Pro plugins can no longer be active at the same time. * Tweak: Config files now show “Solid Security” instead of “iThemes Security”. * Tweak: Improved Database Backups dashboard widget when the feature is disabled. * Tweak: Clarify the 2FA onboarding email confirmation message. * Tweak: All Gutenberg blocks use API version 3. * Security: Update the “tmp” npm package. * Bug Fix: Vulnerable Software dashboard card didn’t render properly. * Bug Fix: Firewall rules that depend on HTTP headers didn’t work correctly in all cases. * Bug Fix: PHP Warning: Undefined array key 1 core/admin-pages/logs-list-table. php. * Bug Fix: Logs will appear in the correct order regardless of database version. * Bug Fix: PHP Warning: Array offset on value of type null core/modules/security- check-pro/class-itsec-security-check-pro.php. #### 9.4.3 * Enhancement: Send notification about new vulnerabilities found during manual scan. * Tweak: Show mitigated vulnerabilities and ensure all unresolved vulnerabilities are visible on the Site Scan page. #### 9.4.2 * Bug Fix: PHP notice about early translations loading on the settings screen. #### 9.4.1 * Bug Fix: Missing assets in release 9.4.0. #### 9.4.0 * Important: Solid Security now requires PHP 7.4 or later. * New: Patchstack Priority tells you how quickly you should address a vulnerability so you can focus on the most critical issues. * New: The Security Digest email includes a complete list of vulnerabilities affecting your site. * Enhancement: The Site Scan email now only includes newly found vulnerabilities to prevent notification fatigue. * Enhancement: Site Scans now run four times daily to detect new vulnerabilities. * Tweak: Make frontend JS code compatible with React 18. #### 9.3.10 * Tweak: Update SolidWP Logo #### 9.3.9 * Tweak: Reduce number of steps in the onboarding sequence. * Bug Fix: Notification Center settings could not be properly saved. #### 9.3.8 * Tweak: Delete older JS files that were causing false-positives on scans. They have not been used since the UI was rewritten in React. * Security: Update StellarWP Telemetry library to improve authorization checks. #### 9.3.7 * Enhancement: Use block API Version 3 for the Security Profile block. * Bug Fix: PHP warning when HTTP_HOST not set. #### 9.3.6 * Enhancement: Better surface Login Security features during onboarding. #### 9.3.5 * Bug Fix: PHP warning about translations being loaded too early. #### 9.3.4 * Important: Solid Security now requires WordPress 6.5 or later. * Tweak: Add a new `solid_security_mail_site_logo` filter to modify the Site Logo used in email notifications. * Bug Fix: PHP fatal error on shutdown due to missing Event class on some sites. * Bug Fix: PHP warning on Site Health page. * Bug Fix: PHP warning in the SSL module on some server setups. #### 9.3.3 * Enhancement: Improve highlighting settings search results. * Bug Fix: Crash during the onboarding process when starting over in some paths. * Bug Fix: Checkbox styling issue on WordPress 6.6. * Bug Fix: Fire an action when a vulnerability is unresolved due to plugin activation. #### 9.3.2 * Important: “Automatic (Insecure)” IP detection has been removed. Read more: https:// go.solidwp.com/firewall-features-not-available * Enhancement: Allow generating a new Two-Factor TOTP secret from the WP-Login UI. * Bug Fix: The SolidWP logo appeared too large in some email clients. * Bug Fix: An error would occur if we could not determine the length of database columns while saving log items. #### 9.3.1 * Tweak: Add a notice when a user’s role is demoted from the Site Scans page. * Tweak: Update Privacy Policy generator text. * Bug Fix: Could not proceed through onboarding when BuddyPress or BuddyBoss was active. * Bug Fix: Some firewall rules could not be deactivated. * Bug Fix: Allow opting in to Telemetry via the Settings Page. * Bug Fix: PHP 8.2 deprecation warnings. #### 9.3.0 * New: The Firewall page has a new IP Management tab to provide easy access to blocking or authorizing IP addresses. * New: Usage Data Sharing (opt-in only) allows users to share non-personal and non-sensitive information with StellarWP to inform decisions about how to improve Solid Security in the future. * Enhancement: Add a snackbar notice when making changes on the Firewall Configure page. * Tweak: Remove some straggling references and links to iThemes. * Tweak: Consistently refer to 2FA as Two-Factor Authentication on the Profile page. * Tweak: Allow performing more Site Scan actions when the issue is muted. * Bug Fix: Truncate log item columns that are too long before inserting into the database. * Bug Fix: Consistently order the Security Profile tabs. * Bug Fix: Add missing text domain to new Solid Security Admin Menu items. * Bug Fix: Reset filters on the Vulnerabilities page when starting a Site Scan. * Bug Fix: PHP warning on the logs page when the File Change module logs unexpected data. #### 9.2.0 * New: Refreshed UI for manging per-user security settings like Two-Factor. The previous Two-Factor UI can be enabled using the SOLID_SECURITY_LEGACY_2FA_UI constant. * New: A new block “Solid Security User Security Settings” let’s you display this UI on the front-end of your website. The [solid_security_user_profile_settings] shortcode can be used if you’re not yet using the Block Editor. * Important: Solid Security now requires WordPress 6.3 or later. * Enhancement: Display a snackbar notice when sending a 2FA reminder from the Site Scan page. * Enhancement: Include a link directly to the Patchstack database in the Site Scanner alert email. * Tweak: Remove iThemes Security is now Solid Security banners from the admin. * Bug Fix: Trying to enable Network Brute Force from the Security messages center linked to the wrong place. * Bug Fix: During onboarding, a double scrollbar was displayed on some screen sizes. #### 9.1.0 * New: Add support for creating custom firewall rules. * Enhancement: Add support for configuring firewall settings from the Firewall page. * Bug Fix: The firewall page would appear empty when geolocation could not retrieve a country code. #### 9.0.3 * Bug Fix: Remove an extra folder containing duplicate plugin files #### 9.0.2 * Bug Fix: Adding missing dist files to SVN #### 9.0.1 * Security: Don’t disclose the login URL when using Hide Backend on a site with comments enabled and comment registration required. Thanks to Naveen Muthusamy for disclosing this issue. * Hardening: Check for the promote_user capability when using Privilege Escalation in addition to edit_user. * Tweak: Remove the iThemes Security is now Solid Security banner from admin-facing email notifications. * Bug Fix: Prevent the User Security page from crashing when “Show Avatars” is disabled in the WordPress discussion settings. * Bug Fix: Fix some filters on the User Security page not working as expected. * Bug Fix: Fix spacing on the Two-Factor form when backup methods are enabled. * Bug Fix: Fix fatal error when there is an error retrieving Patchstack license information. * Bug Fix: Styling issues on WordPress 6.4. #### 9.0.0 * New: iThemes Security is now Solid Security! Learn More: https://go.solidwp.com/ security-welcome-to-solidwp * Important: Solid Security now requires WordPress 6.2 or later. * New: The Firewall screen brings together the Firewall functionality Solid Security provides into one easy to use screen. More Firewall features are coming soon! * New: The Vulnerabilities screen identifies what vulnerable software you have on your site and guides you through next steps. * New: Identify risks in your site’s security with the the expanded Site Scan functionality. * New: The User Security screen keeps you appraised of the security practices your site’s users are following. Easily apply actions to multiple users in one-click like resetting passwords or logging out active sessions. * Enhancement: The dashboard and settings screens have been redesigned to make it easier to find what you’re looking for. * Enhancement: The Security Summary dashboard card gives you a snapshot of the most important security issues affecting your site. * Enhancement: Add support for loading Solid Security via an MU-Plugin for improved performance when blocking attackers. * Tweak: Remove the IP Tracker Online link from the logs page. * Bug Fix: PHP 8.2 compatibility. * Bug Fix: Resolved PHP warnings when unexpected data is encountered during software updates. #### 8.1.8 * News: iThemes Security is becoming Solid Security soon. Learn More: https://go. solidwp.com/security-free-notice-ithemes-becoming-solidwp #### 8.1.7 * Important: Enforce encryption for Two-Factor secrets. * Tweak: Add Stellar and Solid banners. * Bug Fix: Don’t require “Write to Files” to be enabled to use the “Rotate Encryption Key” tool. #### 8.1.6 * Bug Fix: Fallback to the homepage when Enforce SSL encounters a non-safelisted redirect destination. * Bug Fix: IP Detection on sites behind Load Balancers that appended their IP address to X-Forwarded-For and did not provide a Real IP header. #### 8.1.5 * Security Hardening: Prevent open redirects attacks against the Enforce SSL module. This attack requires spoofing the Host header which requires additional conditions to exploit. Thanks to nlpro for reporting the issue. Read More: https://ithemes. com/?p=84309 * Bug Fix: Update Password Strength library to the latest version. This fixes discrepancies between the realtime password strength estimation and the enforced password strength. #### 8.1.4 * Tweak: Add “All” tab to the Features page. * Tweak: Don’t show “Ban” buttons in Security Dashboard if the user won’t be able to create a ban. * Bug Fix: Prevent Headers Already Sent warning when a lockout occurs during a WP Cron request on some server setups. * Bug Fix: Manually load Sodium Polyfill for servers that have an older version of libsodium installed. * Bug Fix: Error when saving the File Change settings when the “notify_admin” setting was set. * Bug Fix: Prevent a redirect loop when logging in on sites that take more than 5 seconds to load the Dashboard. #### 8.1.3 * Important: iThemes Security now requires PHP 7.3 and WordPress 5.9 or later. * Security: Add support for encrypting Two-Factor Mobile App secrets. Enable via Tools -> Set Encryption Key. * Security: Deprecate Automatic Proxy Detection. Instead, manually configure Proxy Detection or use Security Check. Fix IP spoofing attacks. * Enhancement: Add “Ban Lockout” button to the Active Lockouts card. * Bug Fix: File Logs not rotating. * Bug Fix: PHP warning when loading Icon Fonts in certain configurations. * Bug Fix: Don’t attempt to Hide Backend when a Cron request is being processed. * Bug Fix: Prevent entering invalid date values when selecting a custom date range in the Security Dashboard. * Bug Fix: Preliminary PHP 8.1 compatibility. * Bug Fix: File Change “notify_admin” settings validation error. * Thanks to Calvin Alkan for reporting the security issues fixed in this release. #### 8.1.2 * Tweak: Require a Title when creating a new Dashboard. * Bug Fix: Don’t attempt to send a Site Scan notification for Clean scans preventing a fatal error after scheduled site scans. #### 8.1.1 * Bug Fix: Error when visiting the Notifications page after activating a module with notifications for the first time. * Bug Fix: Update deprecated withState usages to useState. #### 8.1.0 * Important: iThemes Security now requires WordPress 5.8 or later. * New Feature: Include the full iThemes Security Site Scanner in iThemes Security Free. Scheduled scans are disabled by default. * Tweak: Add new “Go Pro” page that includes an overview of features in iThemes Security Pro. * Bug Fix: Scroll to top of window when navigating. * Bug Fix: Allow searching for Password Requirements. * Bug Fix: Don’t load WordPress and System Tweaks modules when the `ITSEC_DISABLE_MODULES` constant is enabled. * Bug Fix: Prevent incidentally loading the Two-Factor module when it is unregistered. * Bug Fix: Conditionally display the NGINX File Path setting. * Bug Fix: Allow saving Notifications when “default recipients must contain at least 1 item” error is present. * Bug Fix: Help styling on WordPress 5.9. * Bug Fix: Compatibility with plugins that expected a logged-in user during lockouts. #### 8.0.2 * Enhancement: Reintroduce Feature Flags management UI. * Tweak: Reposition “Advanced” and “Tools” menu items to be more readable on lengthy screens. * Bug Fix: When the Change Admin User tool is run, update any User Groups referencing the old user id. * Bug Fix: WordPress footer would appear in the middle of the logs page. * Bug Fix: Add missing translation strings file. #### 8.0.1 * Bug Fix: Sites that did not support HTTPS, but had the SSL module active, but not configured, on upgrade would get redirected to the HTTPS version of the site. * Bug Fix: Unregister the iThemes Security Two-Factor module when the Two-Factor Feature Plugin is enabled. * Bug Fix: Allow activation on WordPress 5.7.0. * Bug Fix: Add missing textdomains. #### 8.0.0 * Important: iThemes Security now requires WordPress 5.7 and PHP 7.0 or later. * New: iThemes Security gets a redesigned interface focused on making it easier to configure and find what you’re looking for. Read More: https://ithemes.com/? p=65086. * New: Instantly search over everything in iThemes Security with a new instant search feature. * New: Security Tools have been grouped into their own page. “Identify Server IPs” and “Security Check Pro” can be run manually without using Debug Mode. * New: Relevant content from the Help Center, iThemes Blog, and iThemes YouTube channel is surfaced in a new Help area based on the current page. Click the “ Help” button in the toolbar or the “Info” icon next to the page title to access it. * New: The settings UI is now fully responsive and works great across mobile, tablet, and desktop devices. * New: Two-Factor is now part of the core iThemes Security plugin. * Enhancement: Improved keyboard and screen reader support. * Enhancement: The Banned Users Card can add multiple bans at once. * Tweak: Add a new Global setting to control “Automatically Temporarily Authorize Hosts”. * Tweak: When the Global setting “Hide Security Menu in Admin Bar” is enabled, notices will no longer be printed on non-iThemes Security pages. Instead, you can access the Message Center from the Settings or Dashbaord toolbars. * Tweak: The Database Backups module is no longer available if you have BackupBuddy installed. If this behavior isn’t desired, enable the “ITSEC_ENABLE_BACKUPS” constant. * Tweak: The Geolocation API configuration used by Trusted Devices has been moved into it’s own dedicated “Geolocation” module. * Tweak: Move “Have I Been Pwned” integration to the Core plugin. * Tweak: Reduce filename length and complexity for built CSS and JS files. * Removed: The following modules have been removed: 404 Detection, Away Mode, Change Content Directory, and Multisite Tweaks. * Removed: The following WordPress and System Tweaks have been removed: Remove Windows Live Writer Header, EditURI Header, Comment Spam, Mitigate Attachment File Traversal Attack, Protect Against Tabnapping, Filter Long URL Strings, Filter Non-English Characters, Filter Request Methods, Remove File Writing Permissions. * Removed: The “Backup Full Database” setting has been removed from the Backups module. * Removed: The “Require SSL”, “Front End SSL Mode”, and “SSL for Dashboard” settings have been removed from the SSL module. * Bug Fix: Fix fatal errors when using PHP 8. * Bug Fix: Fix infinite loop when restricting who can use App Passwords on multisite installs. * Bug Fix: Ensure the ITSEC_Setup class does not exist before trying to load it. Display schema errors on multisite in the Network Admin. * Bug Fix: Labels for Disable PHP Execution in Plugins and Themes were reversed. * Bug Fix: Add missing constants to the debug page. * Bug Fix: Remove deleted recipients when saving notifications. * Bug Fix: Correct Site Scan statuses for scans with no issues. * Dev Note: Modules are now based on a module.json configuration file. If you are registering custom iThemes Security module, you should update it to include a module.json file that adheres to the core/module-schema.json JSON Schema. * Dev Note: The Network Brute Force module had it’s folder updated to “network- brute-force” from “ipcheck”. * Dev Note: New Object Oriented API for creating Password Requirements. * Dev Note: New Settings and Modules REST API endpoints. * Dev Note: New RPC REST API namespace. There is no backward compatibility promise for these API endpoints. ## Plugin comercial Este plugin es gratuito pero ofrece actualizaciones o soporte comercial de pago. [Ver soporte](https://solidwp.com/security/why-go-pro/?utm_source=wordpress.org&utm_medium=readme&utm_campaign=support-link) ## Meta * Versión **9.4.7** * Última actualización **hace 2 semanas** * Instalaciones activas **700,000+** * Versión de WordPress ** 6.5 o superior ** * Probado hasta **6.9.4** * Versión de PHP ** 7.4 o superior ** * Idiomas * [Chinese (China)](https://cn.wordpress.org/plugins/better-wp-security/), [Danish](https://da.wordpress.org/plugins/better-wp-security/), [Dutch](https://nl.wordpress.org/plugins/better-wp-security/), [Dutch (Belgium)](https://nl-be.wordpress.org/plugins/better-wp-security/), [English (Australia)](https://en-au.wordpress.org/plugins/better-wp-security/), [English (Canada)](https://en-ca.wordpress.org/plugins/better-wp-security/), [English (New Zealand)](https://en-nz.wordpress.org/plugins/better-wp-security/), [English (South Africa)](https://en-za.wordpress.org/plugins/better-wp-security/), [English (UK)](https://en-gb.wordpress.org/plugins/better-wp-security/), [English (US)](https://wordpress.org/plugins/better-wp-security/), [French (France)](https://fr.wordpress.org/plugins/better-wp-security/), [German](https://de.wordpress.org/plugins/better-wp-security/), [Hungarian](https://hu.wordpress.org/plugins/better-wp-security/), [Japanese](https://ja.wordpress.org/plugins/better-wp-security/), [Korean](https://ko.wordpress.org/plugins/better-wp-security/), [Lao](https://lo.wordpress.org/plugins/better-wp-security/), [Persian](https://fa.wordpress.org/plugins/better-wp-security/), [Russian](https://ru.wordpress.org/plugins/better-wp-security/), [Spanish (Chile)](https://cl.wordpress.org/plugins/better-wp-security/), [Spanish (Colombia)](https://es-co.wordpress.org/plugins/better-wp-security/), [Spanish (Ecuador)](https://es-ec.wordpress.org/plugins/better-wp-security/), [Spanish (Mexico)](https://es-mx.wordpress.org/plugins/better-wp-security/), [Spanish (Spain)](https://es.wordpress.org/plugins/better-wp-security/), [Spanish (Venezuela)](https://ve.wordpress.org/plugins/better-wp-security/), y [Vietnamese](https://vi.wordpress.org/plugins/better-wp-security/). * [Traducir a tu idioma](https://translate.wordpress.org/projects/wp-plugins/better-wp-security) * Etiquetas * [brute force protection](https://cl.wordpress.org/plugins/tags/brute-force-protection/) [malware](https://cl.wordpress.org/plugins/tags/malware/)[password protection](https://cl.wordpress.org/plugins/tags/password-protection/) [security](https://cl.wordpress.org/plugins/tags/security/)[two factor authentication](https://cl.wordpress.org/plugins/tags/two-factor-authentication/) * [Vista Avanzada](https://cl.wordpress.org/plugins/better-wp-security/advanced/) ## Calificaciones 4.6 de 5 estrellas. * [ 3,417 valoraciones de 5 estrellas ](https://wordpress.org/support/plugin/better-wp-security/reviews/?filter=5) * [ 177 valoraciones de 4 estrellas ](https://wordpress.org/support/plugin/better-wp-security/reviews/?filter=4) * [ 46 valoraciones de 3 estrellas ](https://wordpress.org/support/plugin/better-wp-security/reviews/?filter=3) * [ 62 valoraciones de 2 estrellas ](https://wordpress.org/support/plugin/better-wp-security/reviews/?filter=2) * [ 280 valoraciones de 1 estrellas ](https://wordpress.org/support/plugin/better-wp-security/reviews/?filter=1) [Your review](https://wordpress.org/support/plugin/better-wp-security/reviews/#new-post) [Ver todas las reseñas](https://wordpress.org/support/plugin/better-wp-security/reviews/) ## Colaboradores * [ StellarWP ](https://profiles.wordpress.org/stellarwp/) * [ iThemes ](https://profiles.wordpress.org/ithemes/) * [ Timothy Jacobs ](https://profiles.wordpress.org/timothyblynjacobs/) * [ Lisa Canini ](https://profiles.wordpress.org/lisacee/) * [ SolidWP ](https://profiles.wordpress.org/solidwp/) ## Soporte Problemas resueltos en los últimos dos meses: 6 de 19 [Ver el foro de soporte](https://wordpress.org/support/plugin/better-wp-security/)