Ithemes Security is a WordPress Plugin that is meant to improve the security of your website by rewriting the htaccess file to block requests from IP addresses such as bots, fake Google crawlers, and much more.
WordPress by its self is not that secure due to the threat of it being hacked cracked and exploited by hackers as it is so widely used so you need to be able to protect yourself from more common threats such as brute force, fake crawling and scraping, unauthorized access to your theme files and much more can be protected with this plugin.
Here are just some of the things that Ithemes Security can do to protect your WordPress website.
Scans your site to instantly report where vulnerabilities exist and fixes them in seconds
Bans troublesome user agents, bots and other hosts
Prevents brute force attacks by banning hosts and users with too many invalid login attempts
Strengthens server security
Enforces strong passwords for all accounts of a configurable minimum role
Forces SSL for admin pages (on supporting servers)
Forces SSL for any page or post (on supporting servers)
Turns off file editing from within WordPress admin area
Detects and blocks numerous attacks to your file-system and database
You should be using a plugin like this to protect your website due to the increasing amount of threats that WordPress based websites are under lately. These simple settings will greatly improve the security of your website and even if you don’t understand the settings it tells you what they do why you should do them or not do them and give you recommendations before making any major changes such as your database.
Some quick additional changes that you can make is to turn off trackback and pingbacks as they can be easily exploited by hackers to crash your website. You can also change the moderation settings of your comments to prevent random people from posting spam links or use a form of protection such as hashcash. Then follow through with proper settings on the plugin.
The main things that you should be looking to turn on are anything in the critical settings while minor warnings may not be applicable to all websites. If you have an SSL certificate it is recommended to turn it on for all pages as Google has recently announced that using an SSL on your website will help it rank better in search results. Follow through the basic setup configuration and your WordPress website will be protected from most common threats.