Hi @generosus,
Thank you for reaching out to us.
iThemes Security hardens your WordPress application to protect against attacks in many ways. But it’s impossible to say if it’ll protect against a certain infection without knowing exactly how it exploited the site.
As for making sure that your website is secured, here are our official recommended features and settings:
- Enforcing Strong Passwords
- Enabling reCAPTCHA for your WordPress login
- Enabling Two-factor Authentication
- Enabling Automatically ban “admin” user
- Enabling Force Unique Nickname and Disable Extra User Archives
- Optional: Disable XML-RPC (This is optional as some plugins require this to function, instead, ensure that “Allow Multiple Authentication Attempts per XML-RPC Request” is unchecked to block multiple login attempts)
- Optional: Set REST API to Restricted Access
- Highly recommended: Keep WordPress, theme, and plugins up-to-date and remove vulnerable/outdated plugins.
- Highly recommended: Looking into web application firewalls such as Cloudflare and a server-side firewall to use with iThemes Security Pro
- Highly recommended: Ensure to use a?secure hosting provider, as sometimes an attack comes from another compromised site on the server.
Please let me know if it helps and how I can be of further assistance.
Best regards,
Shalom
