%1$s %2$d
%1$s (%2$s)
%1$s (%2$s)
%1$s is enabled as recommended.
%1$s is the input name. %2$s is the error message.
The directory supplied in %1$s cannot be used as a valid directory. %2$s
%1$s is the input name. %2$s is the error message.
The file path supplied in %1$s cannot be used as the parent directory cannot be created. %2$s
%1$sHide Backend%2$s will notify the chosen recipients whenever the login URL is changed.
%s could not be read due to an unknown error.
%s could not be read. Both the fopen/feof/fread/flock and file_get_contents functions are disabled on the server.
%s could not be read. Both the opendir/readdir/closedir and glob functions are disabled on the server.
%s could not be read. It does not appear to be a file.
%s could not be written as a file. The requested path already exists as a directory. The directory must be removed or a new file name must be chosen before the file can be written.
%s could not be written. Both the fopen/fwrite/flock and file_put_contents functions are disabled on the server. This is a server configuration issue that must be resolved before iThemes Security can write files.
%s could not be written. This could be due to a permissions issue.
Ensure that PHP runs as a user that has permission to write to this location.
%s pending
← Back to %s
*Known Spam detected
+ more Pro-only features
1 item
%s items
25% off BackupBuddy with coupon code
404 Detection
404 Error
404 Errors Found
404 File/Folder White List
404 detection looks at a user who is hitting a large number of non-existent pages and getting a large number of 404 errors. 404 detection assumes that a user who hits a lot of 404 errors in a short period of time is scanning for something (presumably a vulnerability) and locks them out accordingly. This also gives the added benefit of helping you find hidden problems causing 404 errors on unseen parts of your site. All errors will be logged in the "View Logs" page. You can set thresholds for this feature below.
Host: %1$s
User: %1$s
IMPORTANT: Deactivating or uninstalling this plugin will not revert the changes made by this feature.
IMPORTANT: Ensure that you create a database backup before undoing the Content Directory change.
IMPORTANT: Ensure that you create a database backup before changing the Content Directory.
WARNING: Backup your database before using this tool.
WARNING: Changing the name of the Content Directory on a site that already has images and other content referencing it will break your site. For this reason, we highly recommend only changing the Content Directory on a fresh WordPress install.
WARNING: Undoing the Content Directory change when images and other content were added after the change will break your site. Only undo the Content Directory change if absolutely necessary.
Warning: The changes made by this tool could cause compatibility issues with some plugins, themes, or customizations. Ensure that you create a database backup before using this tool.
Advanced - Choose different settings for front-end and dashboard page requests.
Allow - Allows XML-RPC requests that contain multiple login attempts.
Only use this setting if a service requires it.
Block - Blocks XML-RPC requests that contain multiple login attempts. This setting is highly recommended.
Default Access - Access to REST API data is left as default. Information including published posts, user details, and media library entries is available for public access.
Disable Pingbacks - Only disable pingbacks. Other XML-RPC features will work as normal. Select this setting if you require features such as Jetpack or the WordPress Mobile app.
Disable XML-RPC - XML-RPC is disabled on the site. This setting is highly recommended if Jetpack, the WordPress mobile app, pingbacks, and other services that use XML-RPC are not used.
Disabled - Use the site's default handling of page requests.
ERROR: Invalid email address or incorrect password.
ERROR: Invalid username or incorrect password.
Email Address Only - Users can only log in using their user's email address. This disables logging in using a username.
Email Address and Username (Default) - Allow users to log in using their user's email address or username. This is the default WordPress behavior.
Enable XML-RPC - XML-RPC is fully enabled and will function as normal. Use this setting only if the site must have unrestricted use of XML-RPC.
Enabled - Redirect all http page requests to https.
Error: Due to site rules, a strong password is required. Please choose a new password that rates as Strong on the meter.
Host lockout message: %s
How long lockouts will be remembered for ban: %s
Is this computer white-listed: %s
Number of lockouts before permanent ban: %s
Permanently ban: %s
Restricted Access - Restrict access to most REST API data. This means that most requests will require a logged in user or a user with specific privileges, blocking public requests for potentially-private data. We recommend selecting this option.
User lockout message: %s
Username Only - Users can only log in using their user's username.
This disables logging in using an email address.
A "internal server" error prevented the request from completing as expected. The server returned a 500 status code, indicating that the server was unable to complete the request due to a fatal PHP error or a server problem. This could be due to a plugin/theme conflict, a server configuration issue, a temporary hosting issue, or invalid custom PHP modifications. Please check your server's error logs for details about the source of the error and contact your hosting company for assistance if required.
A "not found" error prevented the request from completing as expected. The server returned a 404 status code, indicating that the server was unable to find the requested admin-ajax.php file. This could be due to a plugin/theme conflict, a server configuration issue, or an incomplete WordPress installation. Please try refreshing the page and trying again. If the request continues to fail, you may have to alter plugin settings, alter server configurations, or reinstall WordPress.
A "request forbidden" error prevented the request from completing as expected. The server returned a 403 status code, indicating that the server configuration is prohibiting this request. This could be due to a plugin/theme conflict or a server configuration issue. Please try refreshing the page and trying again. If the request continues to fail, you may have to alter plugin settings or server configuration that could account for this AJAX request being blocked.
A Nickname is required. Please choose a nickname or fill out your first and last name.
A file (or files) on your site have been changed. Please review the report below to verify changes are not the result of a compromise.
A file or directory already exists at %s. No Directory Name changes have been made.
Please choose a new Directory Name or remove the existing file or directory and try again.
A host was prevented from accessing the dashboard due to away-mode restrictions being in effect
A nonce security check failed, preventing the request from completing as expected. Please try reloading the page and trying again.
A parser error prevented the request from completing as expected. The site sent a response that jQuery could not process. This could be due to a plugin/theme conflict or a server configuration issue.
A password change is required for your account.
A permissions security check failed, preventing the request from completing as expected. The currently logged in user does not have sufficient permissions to make this request. Please try reloading the page and trying again.
A scan is already in progress. Please check the logs page at a later time for the results of the scan.
A timeout error prevented the request from completing as expected. The site took too long to respond. This could be due to a plugin/theme conflict or a server configuration issue.
A validation check for %1$s failed. The %2$s value is missing. This could be due to a problem with the iThemes Security installation or an invalid modification. Please reinstall iThemes Security and try again.
A validation function for %1$s received data that did not have the required entry for %2$s.
A validation function for %1$s received data that does not match the expected data type for the %2$s entry.
A data type of %3$s was expected, but a data type of %4$s was received.
A validation function for %1$s received data that has an entry for %2$s when no such entry exists.
A whitelisted host has triggered a lockout condition but was not locked out.
API Key
API Secret
About Lockouts
Action
Activate Network Brute Force Protection
Activating Network Brute Force Protection...
Active Lockouts
Add InfiniteWP Compatibility
Add an extra layer of protection to your WordPress site with iThemes Security Pro, including:
Add my current IP to the White List
Added Files
Added by W3 Total Cache
Admin Emails
Admin User
Advanced
Advanced feature to rename the wp-content directory to a different name.
Advanced settings that improve security by changing default WordPress Multisite behavior.
Advanced settings that improve security by changing default WordPress behavior.
Advanced settings that improve security by changing the server config for this site.
All Log Data
Allow
Allow Data Tracking
Allow administrators to temporarily grant extra access to a user of the site for a specified period of time.
Allow iThemes Security to write to wp-config.php and .htaccess.
Allow iThemes to track plugin usage via anonymous data.
Alter target="_blank" links to protect against tabnapping
An "invalid format" error prevented the request from completing as expected. The format of data returned could not be recognized. This could be due to a plugin/theme conflict or a server configuration issue.
An advanced tool that removes users with a username of "admin" or a user ID of "1".
An attempt to register the %1$s module failed since the supplied path (%2$s) is invalid. This could indicate an invalid modification or incomplete installation of the iThemes Security plugin. Please reinstall the plugin and try again.
An empty ip argument was submitted.
An error prevented the scan from completing as expected. The currently logged in user does not have sufficient permissions to run this scan.
You may need to log out of the site and log back in.
An invalid sanitize type of "%1$s" was received for the %2$s input.
An unknown error occured. Please try again later
An unknown error prevented releasing the lockout the host with a lockout ID of %d
An unknown error prevented releasing the lockout the user with a lockout ID of %d
An unknown error prevented the API key from being reset properly. An unrecognized response was received. Please wait a few minutes and try again.
An unknown error prevented the API key request from succeeding. The request for an API key returned an empty key. Please wait a few minutes and try again.
An unknown error prevented the API key request from succeeding. The request for an API key returned an unrecognized response. Please wait a few minutes and try again.
An unknown error prevented the API key request from succeeding. This problem could be due to a server configuration or plugin compatibility issue. Please wait a few minutes and try again.
An unknown error prevented the API key secret request from succeeding. The request for an API key secret returned an unrecognized response. Please wait a few minutes and try again.
An unknown error prevented the API key secret request from succeeding. The request for an API key submitted an empty key. Please wait a few minutes and try again.
An unknown error prevented the API key secret request from succeeding. This problem could be due to a server configuration or plugin compatibility issue. Please wait a few minutes and try again.
An unknown error prevented the API key secrete request from succeeding. The request for an API key secret returned an empty key secret. Please wait a few minutes and try again.
An unknown error prevented the request from completing as expected. This could be due to a plugin/theme conflict or a server configuration issue.
An unknown error prevented the scan from completing successfully.
The Sucuri server responded with a %s error code.
Apply
Are you lost?
Are you sure you want to enable SSL? If your server does not support SSL you will be locked out of your WordPress Dashboard.
Articles
As a getting-started point you can include the blacklist developed by Jim Walker.
As most sites are only updated at certain times of the day it is not always necessary to provide access to the WordPress dashboard 24 hours a day, 7 days a week. The options below will allow you to disable access to the WordPress Dashboard for the specified period. In addition to limiting exposure to attackers this could also be useful to disable site access based on a schedule for classroom or other reasons.
Attached is the database backup file for your site.
Attempts
Automatic file change scanning is triggered by a user visiting your page and may not happen exactly at the time listed.
Automatically ban "admin" user
Automatically ban IPs reported as a problem by the network.
Automatically block users snooping around for pages to exploit.
Away Mode
Away Mode Triggered
BACKUPPROTECT
Backup Full Database
Backup Interval
Backup Location
Backup Method
Backup Save Method
Backup complete. The backup was saved locally.
Backup complete. The backup was sent to the selected email recipients and was saved locally.
Backup complete. The backup was sent to the selected email recipients.
BackupBuddy is the complete backup, restore and migration solution for your WordPress site. Schedule automated backups, store your backups safely off-site and restore your site quickly & easily.
Backups
Backups to Retain
Ban Hosts
Ban Hosts - Security > Settings > Banned Users
Ban Lists
Ban Reported IPs
Ban User Agents
Ban User Agents - Security > Settings > Banned Users
Banned Users
Below are various logs of information collected by iThemes Security Pro.
This information can help you get a picture of what is happening with your site and the level of success you have achieved in your security efforts.
Blacklist
Blacklist Lockout Period
Blacklist Lookback Period
Blacklist Repeat Offender
Blacklist Threshold
Block (recommended)
Block specific IP addresses and user agents from accessing the site.
Both
Bulk Actions
By default, WordPress allows users to log in using either an email address or username. This setting allows you to restrict logins to only accept email addresses or usernames.
By default, WordPress assigns the prefix wp_ to all tables in the database where your content, users, and objects exist. For potential attackers, this means it is easier to write scripts that can target WordPress databases as all the important table names for 95% of sites are already known. Changing the wp_ prefix makes it more difficult for tools that are trying to take advantage of vulnerabilities in other places to affect the database of your site. Before using this tool, we strongly recommend creating a backup of your database.
By default, WordPress stores files for plugins, themes, and uploads in a directory called wp-content. Some older and less intelligent bots hard coded this directory in order to look for vulnerable files. Modern bots are intelligent enough to locate this folder programmatically, thus changing the Content Directory is no longer a recommended security step.
CIDR notation is allowed to specify a range of IP addresses (###.###.###.###/## or ####:####:####:####:####:####:####:####/###).
CRITICAL ERROR: The %1$s directory was successfully renamed to the new name (%2$s). However, an error occurred when updating the wp-config.php file to configure WordPress to use the new content directory. iThemes Security attempted to rename the directory back to its original name, but an unknown error prevented the rename from working as expected.
In order for your site to function properly, you will either need to manually rename the %2$s directory back to %1$s or manually update the wp-config.php file with the necessary modifications. The error that prevented the file from updating is as follows: %3$s
Cancel
Cannot get lock.
Change Content Directory
Change Database Table Prefix
Change Prefix
Change User ID 1
Change WordPress Salts
Change the ID of the user with ID 1.
Change the database table prefix that WordPress uses.
Change the location of the wp-content directory so that it uses a different name.
Changed Files
Changed the Authentication Methods Available to Users setting in Two-Factor Authentication to "All Methods".
Changed the Multiple Authentication Attempts per XML-RPC Request setting in WordPress Tweaks to "Block".
Changed the REST API setting in WordPress Tweaks to "Restricted Access".
Changed the User Type Protection setting in Two-Factor Authentication to "Privileged Users".
Changes were detected. Please check the logs page for details.
Check Time
Check this box and then save settings to change your WordPress Salts.
Checking this box will have the backup script backup all tables in your database, even if they are not part of this WordPress site.
Clean
Clear Logs
Click the button to load the current file permissions.
Close
Comment Spam
Community Lockout Message
Complete Your Security Strategy With BackupBuddy
Compress Backup Files
Configure Settings
Configure basic settings that control how iThemes Security functions.
Configure next iThemes Security setting
Configure previous iThemes Security setting
Configure use of SSL to ensure that communications between browsers and the server are secure.
Confirm new password
Copied!
Copy to Clipboard
Core Update Notifications
Could not rename table %1$s. You may have to rename the table manually.
Could not update prefix references in options table.
Could not update prefix references in usermeta table.
Count
Create a Database Backup
Create backups of your site's database.
The backups can be created manually and on a schedule.
Creating Backup...
Current page
Custom Login Action
Daily
Daily Security Digest
Data
Database Backup
Database Backup Executed
Database Backups
Database Only
Date
Date and time format
%1$s \a\t %2$s
Date when the admin dashboard should become available again.
Date when the admin dashboard should become unavailable.
Days
Days to Keep Database Logs
Debug info (source page): %s
Default Access
Default Blacklist
Deprecated Recipients
Details
Directory Browsing
Disable
Disable Directory Browsing
Disable Directory Browsing - Security > Settings > System Tweaks > Directory Browsing
Disable Extra User Archives
Disable File Editor
Disable File Editor - Security > Settings > WordPress Tweaks > File Editor
Disable PHP execution in the plugins directory. This blocks requests to PHP files inside plugin directories that can be exploited directly.
Disable PHP execution in the themes directory. This blocks requests to PHP files inside theme directories that can be exploited directly.
Disable PHP execution in the uploads directory. This blocks requests to maliciously uploaded PHP files in the uploads directory.
Disable PHP in Plugins
Disable PHP in Plugins - Security > Settings > System Tweaks > PHP in Plugins
Disable PHP in Themes
Disable PHP in Themes - Security > Settings > System Tweaks > PHP in Themes
Disable PHP in Uploads
Disable PHP in Uploads - Security > Settings > System Tweaks > PHP in Uploads
Disable Pingbacks
Disable Proxy IP Detection
Disable XML-RPC (recommended)
Disable XML-RPC - Security > Settings > WordPress Tweaks > XML-RPC
Disable access to the WordPress Dashboard on a schedule.
Disable login error messages
Disabled
Disabled the File Editor in WordPress Tweaks.
Disables a user's author page if their post count is 0.
Disables the file editor for plugins and themes requiring users to have access to the file system to modify files.
Once activated you will need to manually edit theme and other files using a tool other than WordPress.
Disabling this feature will prevent the file change warning from displaying to the site administrator in the WordPress Dashboard. Note that disabling both the error message and the email notification will result in no notifications of file changes. The only way you will be able to tell is by manually checking the log files.
Dismiss Notice
Dismiss Warning
Display File Change Admin Warning
Display file change admin warning
Do not modify or remove this line
Do not remove. Removing this line could break your site. Added by Security > Settings > Change Content Directory.
Documentation
Documentation: %2$s
Download Our WordPress Security Pocket Guide
Due to site rules, a strong password is required for your account. Please choose a new password that rates as Strong on the meter.
During periods of heavy attack, iThemes Security can generate a LOT of email.
Each error message in iThemes Security has an associated error code that can help diagnose an issue. Changing this setting to "Yes" causes these codes to display.
This setting should be left set to "No" unless iThemes Security support requests that you change it.
EditURI Header
Email Address
Email Address Only
Email Address and Username (default)
Email Address: %1$s
Email Only
Enable
Enable Ban Lists
Enable Blacklist Repeat Offender
Enable HackRepair.com's blacklist feature
Enable HackRepair.com's blacklist feature - Security > Settings > Banned Users > Default Blacklist
Enable InfiniteWP Compatibility
Enable Redirection
Enable SSL:
Enable Scheduled Database Backups
Enable XML-RPC
Enable the hide backend feature.
Enabled
Enabled %1$s.
Enabled the Email Notifications setting in Malware Scan Scheduling.
Enabled the Enable Ban Lists setting in Banned Users.
Enabled the Vulnerable Site Protection setting in Two-Factor Authentication.
Enabled the Vulnerable User Protection setting in Two-Factor Authentication.
Enabled the Write to Files setting in Global Settings.
Enables secure SSL connection for the front-end (public parts of your site). Turning this off will disable front-end SSL control, turning this on "Per Content" will place a checkbox on the edit page for all posts and pages (near the publish settings) allowing you to turn on SSL for selected pages or posts. Selecting "Whole Site" will force the whole site to use SSL.
Enabling this feature helps protect visitors to this site (including logged in users) from phishing attacks launched by a linked site. Details on tabnapping via target="_blank" links can be found in this article.
End Date
End Time
End Timestamp
Ensure that your site is using the recommended features and settings.
Ensure your site is using recommended settings and features with a security check.
Enter a new username to replace "admin."
Please note that if you are logged in as admin you will have to log in again.
Enter only 1 IP address or 1 IP address range per line.
Enter only 1 user agent per line.
Error
Error Code: %s
Error Message: %s
Error Threshold
Error while sending %1$s notification at %2$s: %3$s
Error.
Errors
Even the best security solutions can fail. How do you know if someone gets into your site? You will know because they will change something. File Change detection will tell you what files have changed in your WordPress installation alerting you to changes not made by yourself. Unlike other solutions, this plugin will look only at your installation and compare files to the last check instead of comparing them with a remote installation thereby taking into account whether or not you modify the files yourself.
Every user on your site affects overall security. See how your users might be affecting your security and take action when needed.
Excerpt View
Exclude Selected
Exclude Tables
Exclude files or folders by clicking the red minus next to the file or folder name.
Excluded Tables
Export your settings as a backup or to import on other sites for quicker setup.
File
File Change
File Change Detection
File Change History
File Change Warning
File Changes
File Changes Detected
File Editor
File Hash
File Only
File Permissions
File Scan Report for %s
File Writing Permissions
File changes detected on the site.
File types listed here will be recorded as 404 errors but will not lead to lockouts.
File types listed here will not be checked for changes.
While it is possible to change files such as images it is quite rare and nearly all known WordPress attacks exploit php, js and other text files.
Files Added
Files Changed
Files Deleted
Files Removed
Files added
Added
Files and Folders List
Files modified
Modified
Files removed
Removed
Filter Long URL Strings
Filter Non-English Characters
Filter Non-English Characters - Security > Settings > System Tweaks > Non-English Characters
Filter Request Methods
Filter Request Methods - Security > Settings > System Tweaks > Request Methods
Filter Suspicious Query Strings in the URL
Filter Suspicious Query Strings in the URL - Security > Settings > System Tweaks > Suspicious Query Strings
Filter out hits with the trace, delete, or track request methods. This should not be enabled if you use the WordPress REST API.
Filter out non-english characters from the query string. This should not be used on non-english sites and only works when "Filter Suspicious Query String" has been selected.
First Recorded
For more details, %1$svisit your security logs%2$s
For more information on WordPress roles and capabilities please see %1$s.
Force SSL for Dashboard
Force SSL for Dashboard - Security > Settings > Secure Socket Layers (SSL) > SSL for Dashboard
Force Unique Nickname
Force users to choose a unique nickname
Force users to use strong passwords as rated by the WordPress password meter.
Forces all dashboard access to be served only over an SSL connection.
Free WordPress Security Guide
Front End SSL Mode
Function
Get BackupBuddy
Get Free API Key
Get Free Support
Get Support
Get added peace of mind with professional support from our expert team and pro features with iThemes Security Pro.
Get iThemes Security Pro
Get tips for securing your site + the latest WordPress security updates, news and releases from iThemes.
Global Settings
Go Pro
Go to the first page
Go to the last page
Go to the next page
Go to the previous page
Google reCAPTCHA integration
HOST - Expires in TIME
%1$s - Expires in %2$s
Help & Support
Hide Backend
Hide Backend –
New Login URL
Hide Core Update Notifications
Hide Details
Hide Plugin Update Notifications
Hide Security Menu in Admin Bar
Hide Settings
Hide Theme Update Notifications
Hide security menu in admin bar.
Hide the login page by changing its name and preventing access to wp-login.php and wp-admin.
Hides core update notifications from users who cannot update core. Please note that this only makes a difference in multi-site installations.
Hides plugin update notifications from users who cannot update plugins. Please note that this only makes a difference in multi-site installations.
Hides the login page (wp-login.php, wp-admin, admin and login) making it harder to find by automated attacks and making it easier for users unfamiliar with the WordPress platform.
Hides theme update notifications from users who cannot update themes. Please note that this only makes a difference in multi-site installations.
Host
Host Lockout Message
Host or User Lockout
Host/User
Hosts
How many days should a lockout be remembered to meet the blacklist count above.
How should event logs be kept
IP Flagged by Network Brute Force Protection
If one had unlimited time and wanted to try an unlimited number of password combinations to get into your site they eventually would, right? This method of attack, known as a brute force attack, is something that WordPress is acutely susceptible to as, by default, the system doesn't care how many attempts a user makes to login. It will always let you try again. Enabling login limits will ban the host user from attempting to login again after the specified bad login threshold has been reached.
If this box is checked the IP address of the offending computer will be added to the "Ban Users" blacklist after reaching the number of lockouts listed below.
If this is incorrect, please update it on the WordPress General Settings page by selecting the appropriate time zone.
Failure to set the correct timezone may result in unintended lockouts.
If you contact support about this error, please provide the following debug details:
If you need to manually add the wp-config.php rules generated by iThemes Security to your server, you can find them here.
If you need to manually add the server config rules generated by iThemes Security to your server, you can find them here.
If you're not using a proxy service such as Varnish, Cloudflare or others turning this on may result in more accurate IP detection.
Ignore File Types
Ignored File Types
Immediately ban a host that attempts to login using the "admin" username.
Include Selected
Include/Exclude Files
Include/Exclude Files and Folders
Individual IP addresses must be in IPv4 or IPv6 standard format (###.###.###.### or ####:####:####:####:####:####:####:####).
Infected URL: %2$s
Integrated with iThemes Security, so you can release lockouts and turn Away Mode on or off right from your Sync dashboard or your phone.
Invalid Login Attempt
Invalid Login Attempts
Invalid User
Is your site as secure as it could be?
Issues Detected
Join a network of sites that reports and protects against bad actors on the internet.
Last Generated
Last Recorded
Last Run
Last sent on %s
Learn More
Learn simple WordPress security tips — including 3 kinds of security your site needs and 4 best security practices for keeping your WordPress site safe with our free guide.
Limit the number of backups stored locally (on this server). Any older backups beyond this number will be removed. Setting to "0" will retain all backups.
Limits the number of characters that can be sent in the URL.
Hackers often take advantage of long URLs to try to inject information into your database.
List View
List advanced modules
Advanced
List all modules
All
List recommended modules
Recommended
Lists file and directory permissions of key areas of the site.
Load File Permissions Details
Local Brute Force Protection
Local brute force protection looks only at attempts to access your site and bans users per the lockout rules specified locally. Network brute force protection takes this a step further by banning users who have tried to break into other sites from breaking into yours. The network protection will automatically report the IP addresses of failed login attempts to iThemes and will block them for a length of time necessary to protect your site based on the number of other sites that have seen a similar attack.
Location
Lockout Period
Lockout White List
Lockout in Effect Until
Lockouts
Log Summary
Log Type
Log user actions such as login, saving content and others.
Logging settings can be managed in the Global Settings.
Login Error Messages
Login Now
Login Slug
Login URL: %s
Login with Email Address or Username
Logs
Long URL Strings
Lookup IP Address.
MB
Magic Links
Make the most of iThemes Security features with our free iThemes Security tutorials.
Malware
Malware Scan
Malware Scan Report
Malware Scan Scheduling
Malware found on URL
Malware scanning is temporarily unavailable, please try again later.
Manage Settings
Manage Your Sites Remotely
Manage and configure email notifications sent by iThemes Security related to various settings modules.
Manage and configure email notifications sent by iThemes Security related to various settings modules.
If errors are encountered while sending notification emails, they will be reported here..
Manage updates remotely for up to 10 WordPress sites today for free!
Max Login Attempts Per Host
Max Login Attempts Per User
Memory Used
Message
Messages
Minimum role at which a user must choose a strong password.
Minutes
Minutes to Remember 404 Error (Check Period)
Minutes to Remember Bad Login (check period)
Modified
Monitor the site for unexpected file changes.
Monthly
Monthly Security Digest
Multiple Authentication Attempts per XML-RPC Request
Multiple versions of iThemes Security are active. Please disable all extra versions of iThemes Security.
Multisite Tweaks
NGINX Conf File
Need Help Securing Your Site?
Network Brute Force Protection
Network vs Local Brute Force Protection
New Admin Username
New Directory Name
New Login URL
New Notification from iThemes Security
New Password
New notifications available in the %1$sNotification Center%2$s.
New! Take your site security to the next level by activating iThemes Brute Force Network Protection.
New! The iThemes Security dashboard just got a new look.
Next automatic scan at:
No
No (default)
No changes were detected.
No items found.
No lockouts since the last email check.
No lockouts were selected for removal.
Non-English Characters
Not yet sent.
Note: After enabling this feature, you will be logged out and you will have to log back in. This is to prevent possible cookie conflicts that could make it more difficult to get in otherwise.
Note: The output is limited to alphanumeric characters, underscore (_) and dash (-). Special characters such as "." and "/" are not allowed and will be converted in the same manner as a post title. Please review your selection before logging out.
Note: The use of this tool requires quite a bit of system memory which may be more than some hosts can handle.
If you back your database up you can't do any permanent damage but without a proper backup you risk breaking your site and having to perform a rather difficult fix.
Note: These settings are listed as advanced because they block common forms of attacks but they can also block legitimate plugins and themes that rely on the same techniques. When activating the settings below, we recommend enabling them one by one to test that everything on your site is still working as expected.
Note: You cannot ban yourself.
Notification Center
Notifications
OK
Off
One Time
One of the best ways to protect yourself from an attack is to have access to a database backup of your site. If something goes wrong, you can get your site back by restoring the database from a backup and replacing the files with fresh ones. Use the button below to create a backup of your database for this purpose. You can also schedule automated backups and download or delete previous backups.
Override End
Override Proxy Detection
Override Type
PHP in Plugins
PHP in Themes
PHP in Uploads
Password Expiration
Path to Log Files
Payload:
%s
Per Content
Permanently
Permissions for the directory %s could not be read as the directory could not be found.
Permissions for the directory %s could not be read as the fileperms() function is disabled. This is a system configuration issue.
Permissions for the file %s could not be read as the file could not be found.
Permissions for the file %s could not be read as the fileperms() function is disabled. This is a system configuration issue.
Please note that according to your WordPress Timezone settings your current time is:
Please press Ctrl/Cmd+C to copy.
Plugin Update Notifications
Powered by WordPress
Press the button below to create a database backup using the saved settings.
Press the button below to scan your site's files for changes. Note that if changes are found this will take you to the logs page for details.
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
Prevents error messages from being displayed to a user upon a failed login attempt.
Prevents scripts and users from being able to write to the wp-config.php file and .htaccess file. Note that in the case of this and many plugins this can be overcome however it still does make the files more secure. Turning this on will set the UNIX file permissions to 0444 on these files and turning it off will set the permissions to 0664.
Prevents users from seeing a list of files in a directory when no index file is present.
Priority
Private, ticketed support
Privilege Escalation
Pro
Pro customers can contact iThemes Helpdesk for help.
Our support team answers questions Monday – Friday, 8am – 5pm (CST).
Problems Found
Protect Against Tabnapping
Protect System Files
Protect System Files - Security > Settings > System Tweaks > System Files
Protect your site against attackers that try to randomly guess login details to your site.
Protect your site from bots by verifying that the person submitting comments or logging in is indeed human.
Protect your site when outdated software is not updated quickly enough.
Protect your site with automated malware scans. When this feature is enabled, the site will be automatically scanned each day. If a problem is found, an email is sent to select users.
Query
Quick ban IP. Will be updated on next formal rules save.
REST API
Read iThemes Security documentation and Frequently Asked Questions on the Codex.
Read the latest in WordPress Security news, tips, and updates on iThemes Blog.
Reason
Receive Email Updates
Receive email updates about WordPress Security from iThemes.
Receive email updates about WordPress Security from iThemes: %1$s
Recipient
Recipients for this email.
Redirect All HTTP Page Requests to HTTPS
Redirect All HTTP Page Requests to HTTPS - Security > Settings > Secure Socket Layers (SSL) > SSL for Dashboard
Redirect Location: %s
Redirect users to a custom location on your site, instead of throwing a 403 (forbidden) error.
Redirection Slug
Reduce Comment Spam
Reduce Comment Spam - Security > Settings > WordPress Tweaks > Comment Spam
Referrer
Register Slug
Registration URL: %s
Relative Path
Release Selected Lockouts
Release lockouts from the Active Lockouts section of the settings page.
Release the permanent host ban from Ban Hosts list in the Banned Users section of the settings page.
Reload File Permissions Details
Remember, some of these settings might conflict with other plugins or themes, so test your site after enabling each setting.
Remove File Writing Permissions
Remove the RSD (Really Simple Discovery) header.
Remove the Windows Live Writer header.
Removed Files
Removes the RSD
(Really Simple Discovery) header. If you don't integrate your blog with external XML-RPC services such as Flickr then the "RSD" function is pretty much useless to you.
Request Methods
Require SSL
Reset API Key
Resetting...
Resource Scanned
Restore Default Location
Restore Default Log File Path
Restricted Access (recommended)
Result
Results
Results of previous malware scans can be found on the logs page.
Run Secure Site Again
Run a Security Check ✓
SSL
SSL for Dashboard
SSL is an important feature for every site. It protects user accounts from being compromised, protects the content from modifications by ISPs and attackers, protects potentially-sensitive information submitted to the site from network sniffing, could speed up performance of your site (depending on server configuration), and could improve your site's search engine rankings.
Save Locally Only
Save Locally and Email
Save Settings
Scan Details
Scan Files Now
Scan Homepage for Malware
Scan Next File Chunk
Scan Summary
Scanning...
Schedule
Schedule Database Backups
Scheduled malware scanning
Search
Search Modules
Securing Site...
Security
Security Check
Security Digest
Security Resources
Security error!
Security warning in the URL
See what's new
Select "Yes" and save the settings to change the database table prefix.
Select "Yes" and save the settings to undo the content directory change.
Select All
Select Filter:
Select Role for Strong Passwords
Select the type of restriction you would like to enable.
Select what we should do with your backup file.
You can have it emailed to you, saved locally or both.
Select whether we should exclude files and folders selected or whether the scan should only include files and folders selected.
Select which users should be emailed.
Send an email with a Magic Link that bypasses a username lockout.
Server Config Rules
Settings
Settings Import and Export
Settings saved successfully for %1$s.
Show Details
Show Error Codes
Show all dates
Since you are using the free version of iThemes Security from WordPress.org, you can get free support from the WordPress community.
Site Database Backup for %s
Site Lockout Notification
Site Lockouts
Site Users
Some features and settings are recommended for every site to run. This tool will ensure that your site is using these recommendations.
Some plugins can create log files in your database. While these logs might be handy for some functions, they can also take up a lot of space and, in some cases, even make backing up your database almost impossible. Select log tables above to exclude their data from the backup. Note: The table itself will be backed up, but not the data in the table.
Sorry, the update password request has expired. Please log in again.
Specified when sending
Split File Scanning
Split file checking into chunks.
Splits file checking into 7 chunks (plugins, themes, wp-admin, wp-includes, uploads, the rest of wp-content and everything that is left over) and divides the checks evenly over the course of a day. This feature may result in more notifications but will allow for the scanning of bigger sites to continue even on a lower-end web host.
Start Date
Start Time
Start Timestamp
Status
Strength indicator
Strengthen the passwords on the site with automated password expiration.
Strong Password Enforcement
Strong Passwords
Subject
Subscribe
Success
Successfully removed the selected lockout.
Successfully remove the selected lockouts.
Suggestion
Supply a new directory name and save the settings to change the location of the wp-content directory.
You may need to log in again after performing this operation.
Support
Suspicious Query Strings
System Files
System Tweaks
Tables for Backup
Tables with data that does not need to be backed up
Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
The "Write to Files" setting is disabled in Global Settings. In order to use this feature, you must enable the "Write to Files" setting.
The "Write to Files" setting is disabled. Manual configuration for the %s file can be found on the Security > Settings page in the Advanced section.
The %1$s and %2$s cannot be the same.
The %1$s and %2$s must be before the %3$s and %4$s.
The %1$s and %2$s settings restrict the current time and would result in locking you out immediately. Please select a %1$s and %2$s that does not restrict the current time.
The %1$s and %2$s values resulted in a date and time of %3$s, which was unable to be processed properly. This could be an issue with PHP or a server configuration issue.
The %1$s email list must be a string with each entry separated by a new line.
The %1$s value cannot be empty.
The %1$s value is not a valid username.
The %1$s value must be a positive integer.
The %1$s value must be a string with each entry separated by a new line.
The %1$s value must be a string.
The %1$s value must be a valid date in the format of YYYY-MM-DD.
The %1$s value must be a valid date.
The %1$s value must be a valid email address.
The %1$s value must be an integer.
The %1$sDatabase Backup%2$s module will send a copy of any backups to the email addresses listed below.
The %1$sFile Change Detection%2$s module will email a file scan report after changes have been detected.
The %s module is a Core module and cannot be activated or deactivated.
The WordPress REST API is part of WordPress and provides developers with new ways to manage WordPress. By default, it could give public access to information that you believe is private on your site.
For more details, see our post about the WordPress REST API here.
The wp-content directory is available at %s.
The Hide Backend feature is now active. Your new login URL is %1$s. A reminder has also been sent to the notification email addresses set in iThemes Security's Notification Center.
The Hide Backend feature is now active. Your new login URL is %1$s. Please note this may be different than what you sent as the URL was sanitized to meet various requirements. A reminder has also been sent to the notification email addresses set in iThemes Security's Notification Center.
The Hide Backend feature is now disabled. Your new login URL is %1$s. A reminder has also been sent to the notification email addresses set in iThemes Security's Notification Center.
The ITSEC_DISABLE_MODULES define is set. All iThemes Security protections are disabled. Please make the necessary settings changes and remove the define as quickly as possible.
The Login Slug cannot be "%1$s" as WordPress uses that slug.
The Security Digest reduces the number of emails sent so you can receive a summary of lockouts and file change detection scans.
The Security Digest reduces the number of emails sent so you can receive a summary of lockouts, file change detection scans, and privilege escalations.
The URL to your website.
The WordPress Site Title. Can be changed under Settings -> General -> Site Title
The WordPress salts were successfully regenerated.
The backup request returned an unexpected response. It returned a response of type %1$s.
The content directory cannot be changed to a blank directory name.
The content directory was changed by something other than iThemes Security. No further actions are available on this page.
The content directory was successfully changed back to %1$s.
The content directory was successfully changed to %1$s.
The data validator for %1$s is missing. Data for the module cannot be saved without the validator. This error could indicate a bad install of iThemes Security.
Please remove the plugin and reinstall it. If this message persists, please contact support and send them this error message.
The database table prefix was successfully changed to %1$s.
The direction argument must be either "add", "clear", or "remove".
The directory %s could not be created as a file with that name already exists.
The directory %s could not be created as an existing parent directory could not be found.
The directory %s could not be created as the mkdir() function is disabled. This is a system configuration issue.
The directory %s could not be created due to an unknown error. This could be due to a permissions issue.
The directory %s could not be protected from file listing as the directory does not exist.
The directory %s could not be removed as the rmdir() function is disabled. This is a system configuration issue.
The directory supplied in %1$s is not writable. Please select a directory that can be written to.
The email address(es) this notification will be sent to. One address per line.
The email value is missing.
The file %1$s could not have its permissions updated as non-integer permissions were sent: (%2$s) %3$s
The file %s could not be removed as the unlink() function is disabled. This is a system configuration issue.
The file %s could not have its permissions updated as the chmod() function is disabled. This is a system configuration issue.
The file path supplied in %1$s cannot be used as it already exists but is not a file. Please supply a valid file path.
The file path supplied in %1$s could not be created. Please supply a file path that can be written to.
The file path supplied in %1$s is not writable. Please supply a file path that can be written to.
The file path supplied in %1$s was successfully created, but it cannot be updated.
Please supply a file path that can be written to.
The following IP in %1$s is invalid: %2$l
The following IPs in %1$s are invalid: %2$l
The following IP in %1$s is whitelisted and cannot be banned: %2$l
The following IPs in %1$s are whitelisted and cannot be banned: %2$l
The following email in %1$s is invalid: %2$l
The following emails in %1$s are invalid: %2$l
The following email recipients are deprecated. Please create new users for these email addresses or remove them.
The following entry in %1$s is invalid: %2$l
The following entries in %1$s are invalid: %2$l
The following extension in %1$s is invalid: %2$l
The following extensions in %1$s are invalid: %2$l
The following host in %1$s matches your current IP and cannot be banned: %2$s
The following is a summary of security related activity on your site: %s
The following rules need to be written to your wp-config.php file. Please make sure to keep the comments in place.
The following rules need to be written to your server's config file. Please make sure to keep the comments in place.
The following settings modify the behavior of many of the features offered by iThemes Security.
The ip argument is missing.
The length of time a host or user will be banned from this site after hitting the limit of bad logins. The default setting of 15 minutes is recommended as increasing it could prevent attacking IP addresses from being added to the blacklist.
The login address for {{ $site_title }} has changed. The new login address is {{ $login_url }}. You will be unable to use the old login address.
The login url slug cannot be "login," "admin," "dashboard," or "wp-login.php" as these are use by default in WordPress.
The malware scanner requires Javascript in order to function. If Javascript is disabled in your browser, please enable it. If Javascript is not disabled, a script from another plugin, the theme, or a broken WordPress file is preventing the malware scanner's script from executing properly.
Please try disabling other plugins to see if that resolves the issue.
The message to display to a user when their IP has been flagged as bad by the iThemes network.
The message to display to a user when their account has been locked out.
The message to display when a computer (host) has been locked out.
The new directory name cannot be an absolute path. Please supply a path that is relative to ABSPATH (%s).
The new directory name cannot be the same as the current directory name. Please supply a new directory name.
The new login link.
The number of days between database backups.
The number of days database logs should be kept. File logs will be kept indefinitely but will be rotated once the file hits 10MB.
The number of lockouts per IP before the host is banned permanently from this site.
The number of login attempts a user has before their host or computer is locked out of the system. Set to 0 to record bad login attempts without locking out the host.
The number of login attempts a user has before their username is locked out of the system. Note that this is different from hosts in case an attacker is using multiple computers. In addition, if they are using your login name you could be locked out yourself. Set to 0 to log bad login attempts per user without ever locking the user out (this is not recommended).
The number of minutes in which 404 errors should be remembered and counted towards lockouts.
The number of minutes in which bad logins should be remembered.
The numbers of errors (within the check period time frame) that will trigger a lockout. Set to zero (0) to record 404 errors without locking out users. This can be useful for troubleshooting content or other errors. The default is 20.
The password has not been updated.
The path on your machine where backup files should be stored.
The path on your server where log files should be stored.
The path on your server where the nginx config file is located.
The requested module (%s) does not exist.
Settings for it cannot be rendered.
The requested widget (%s) does not exist. Logs for it cannot be rendered.
The requested widget (%s) does not exist. Settings for it cannot be rendered.
The scan did not complete successfully. Sucuri sent the following error: %s
The scan did not complete successfully. The Sucuri server should send its response in JSON encoding. The data received from the Sucuri server could not be decoded. In addition, a content type of %s was received when a content type of application/json was expected. This could indicate a temporary issue with the Sucuri servers.
The scan did not complete successfully. The Sucuri server should send its response in JSON encoding. The response indicates that the encoding is JSON, but the data could not be decoded. This problem could be due to a temporary Sucuri server issue or a compatibility issue on your server. If the problem continues, please contact iThemes Security support.
The scan failed due to an unexpected technical error. The response from the wp_remote_get function contains an empty body entry. Since the body entry contains the response for the request to Sucuri's servers, the response cannot be processed. This could indicate a plugin/theme compatibility issue or a problem in WordPress.
The scan failed due to an unexpected technical error. The response from the wp_remote_get function does not contain a body entry. Since the body entry contains the response for the request to Sucuri's servers, the response cannot be processed. This could indicate a plugin/theme compatibility issue or a problem in WordPress.
The scan failed due to an unexpected technical error. The response from the wp_remote_get function is missing some critical information that is needed in order to properly process the response from Sucuri's servers. This could indicate a plugin/theme compatibility issue or a problem in WordPress.
The scan failed to properly scan the site.
The selected restriction date and time has already ended.
Please select an %1$s and %2$s that has not already ended.
The selected restriction date and time has already started and would result in locking you out immediately. Please select a %1$s and %2$s that has not already started.
The server did not receive a valid request. An unknown "method" argument was supplied. Please try again.
The server did not receive a valid request. The required "data" argument for the module is missing. Please try again.
The server did not receive a valid request. The required "data" argument for the widget is missing. Please try again.
The server did not receive a valid request. The required "method" argument is missing. Please try again.
The server did not receive a valid request. The required "module" argument is missing. Please try again.
The settings could not be saved. Due to an unknown error. Please try refreshing the page and trying again.
The settings could not be saved. Please correct the error above and try again.
The settings could not be saved. Please correct the errors above and try again.
The settings saved successfully.
The slug to redirect users to when they attempt to access wp-admin while not logged in.
The supplied data is invalid. The supplied start (%1$s) is after the supplied end (%2$s).
The supplied email address (%s) is invalid. A valid email address is required in order to sign up for the Network Bruteforce Protection by iThemes.
The supplied module (%s) is not recognized. The module settings could not be saved.
The updates_optin value is missing.
The user changes have not been saved.
The user has not been created.
The user was successfully updated.
The user was unable to be successfully updated.
This could be due to a plugin or server configuration conflict.
The valid value for %1$s is: %2$l.
The valid values for %1$s are: %2$l.
Theme Update Notifications
There are no active lockouts at this time.
There are no added files to report
There are no changed files to report
There are no deleted files to report
There are no rules that need to be written.
There is nothing that needs to be written to your wp-config.php file.
There was an error returned from the Network Brute Force Protection API: %1$s
These are advanced settings that may be utilized to further strengthen the security of your WordPress site.
These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
This email was generated by the iThemes Security plugin on behalf of %s.
This email was generated by the iThemes Security plugin.
This feature allows you to completely ban hosts and user agents from your site without having to manage any configuration of your server. Any IP addresses or user agents found in the lists below will not be allowed any access to your site.
This feature will improve the security of your WordPress installation by removing common user attributes that can be used to target your site.
This forces users to choose a unique nickname when updating their profile or creating a new account which prevents bots and attackers from easily harvesting user's login usernames from the code on author pages. Note this does not automatically update existing users as it will affect author feed urls if used.
This has been disabled.
This is a test file generated by iThemes Security. It can be removed.
This is not needed if you do not use Windows Live Writer or other blogging clients that rely on this file.
This makes it harder for bots to determine usernames by disabling post archives for users that don't post to your site.
This malware scan is powered by Sucuri SiteCheck. It checks for known malware, blacklisting status, website errors and out-of-date software.
Although the Sucuri team does its best to provide thorough results, 100%% accuracy is not realistic and is not guaranteed.
This notification supports email tags. Tags are formatted as follows %s.
This option will cut down on comment spam by denying comments from bots with no referrer or without a user-agent identified.
This path must be writable by your website. For added security, it is recommended you do not include it in your website root folder.
This tool provides an undo feature after changing the Content Directory. Since not all plugins, themes, or site contents function properly with a renamed Content Directory, please verify that the site is functioning correctly after the change. If any issues are encountered, the undo feature should be used to undo the change. Please note that the undo feature is only available when the changes added to the wp-config.php file for this feature are unmodified.
This white list will prevent any IP listed from triggering an automatic lockout. You can still block the IP address manually in the banned users settings.
Time
Time when the admin dashboard should become available again.
Time when the admin dashboard should become unavailable.
To adjust logging options visit the global settings page.
To get started with iThemes Network Brute Force Protection, please supply your email address and save the settings. This will provide this site with an API key and starts the site protection.
To unsubscribe from these notifications, please %1$scontact the site administrator%2$s.
To unsubscribe from these updates, visit the %1$sSettings page%2$s in the iThemes Security plugin menu.
To view logs within the plugin you must enable database logging in the Global Settings. File logging is not available for access within the plugin itself.
Today
Tomorrow
Total Scans
Try iThemes Sync for Free
Turning this feature on will enable compatibility with InfiniteWP.
Do not turn it on unless you use the InfiniteWP service.
Tutorials
Two-Factor Authentication
Two-Factor Authentication greatly increases the security of your WordPress user account by requiring additional information beyond your username and password in order to log in.
Two-factor authentication
Type of Restriction
Type: %1$s
URL
USER - Expires in TIME
%1$s - Expires in %2$s
Unable to change the content directory back to wp-content. If the above error cannot be fixed, you may need to manually change the content directory. Instructions on how to change the content directory manually can be found here.
Unable to change the content directory. If the above error cannot be fixed, you may need to manually change the content directory. Instructions on how to change the content directory manually can be found here.
Unable to create a backup at this time since a backup is currently being created. If you wish to create an additional backup, please wait a few minutes before trying again.
Unable to create the backup directory due to an unknown error.
Unable to find a valid settings object for %s. Setting was unable to be saved.
Unable to find a valid settings object for %s. Settings were unable to be saved.
Unable to read %1$s due to the following error: %2$s
Unable to read the wp-config.php file in order to update the Database Prefix. Error details as follows: %1$s
Unable to read the wp-config.php file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)
Unable to remove %1$s due to the following error: %2$s
Unable to remove %s due to an unknown error.
Unable to rename the %1$s directory to %2$s. This could indicate a file permission issue or that your server does not support the supplied name as a valid directory name. No config file or directory changes have been made.
Unable to set the permissions of the new Directory Name (%1$s) to match the permissions of the old Directory Name.
You may have to manually change the permissions of the directory to %2$s in order for your site to function properly.
Unable to strip comments from the source code as the token_get_all() function is disabled. This is a system configuration issue.
Unable to strip comments from the source code as the token_get_all() function returned an unrecognized value (type: %s)
Unable to update the wp-config.php file in order to update the Database Prefix. Error details as follows: %1$s
Unable to update the wp-config.php file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)
Unable to update the wp-config.php file. No directory or config file changes have been made. The error that prevented the file from updating is as follows: %1$s
Unable to write the backup file. This may be due to a permissions or disk space issue.
Undo Content Directory Change
Unknown contacts for %1$s, %2$l.
Unknown error encountered while sending.
Unknown error type received: %1$s.
Unknown schedule for %1$s, %2$s.
Unknown tags for %1$s, %2$l.
Update Password
Update the secret keys WordPress uses to increase the security of your site.
Updates to wp-config.php are disabled via a filter.
Use the button below to purge the log table in your database. Please note this will purge all log entries in the database including 404s.
Use the guidelines below to enter hosts that will not be allowed access to your site.
Use the guidelines below to enter hosts that will not be locked out from your site. This will keep you from locking yourself out of any features if you should trigger a lockout. Please note this does not override away mode and will only prevent a temporary ban. Should a permanent ban be triggered you will still be added to the "Ban Users" list unless the IP address is also white listed in that section.
Use the guidelines below to enter user agents that will not be allowed access to your site.
Use the white list above to prevent recording common 404 errors.
If you know a common file on your site is missing and you do not want it to count towards a lockout record it here. You must list the full path beginning with the "/".
User
User Lockout Message
User Logging
User Security Check
Username
Username Only
Users
Value
Various modules send emails to notify you when a user or host is locked out of your website.
Version Management
View Logs
Visit Banned Users Settings
Visit Settings Page
WARNING
Want two-factor authentication, scheduled malware scanning, ticketed support and more?
Warning
Warning: If your site invites public registrations setting the role too low may annoy your members.
Website
Weekly
Weekly Security Digest
When the button below is clicked the following modules will be enabled and configured:
Whether or not iThemes Security should be allowed to write to wp-config.php and .htaccess automatically. If disabled you will need to manually place configuration options in those files.
White Listed
Whole Site
Why go Pro? Check out the Free/Pro comparison chart.
Wildcards are also supported with some limitations. If using wildcards (*), you must start with the right-most chunk in the IP address. For example ###.###.###.* and ###.###.*.* are permitted but ###.###.*.### is not. Wildcards are only for convenient entering of IP addresses, and will be automatically converted to their appropriate CIDR notation format on save.
Windows Live Writer Header
With Network Brute Force Protection, your site is protected against attackers found by other sites running iThemes Security. If your site identifies a new attacker, it automatically notifies the network so that other sites are protected as well. To join this site to the network and enable the protection, click the button below.
WordPress Login Address Changed
WordPress Salts
WordPress Tweaks
WordPress uses the "action" variable to handle many login and logout functions.
By default this plugin can handle the normal ones but some plugins and themes may utilize a custom action (such as logging out of a private post). If you need a custom action please enter it here.WordPress' XML-RPC feature allows external services to access and modify content on the site. Common example of services that make use of XML-RPC are the Jetpack plugin, the WordPress mobile app, and pingbacks. If the site does not use a service that requires XML-RPC, select the "Disable XML-RPC" setting as disabling XML-RPC prevents attackers from using the feature to attack the site.WordPress' XML-RPC feature allows hundreds of username and password guesses per request. Use the recommended "Block" setting below to prevent attackers from exploiting this feature.Write to FilesXML-RPCXML-RPC services are disabled on this site.YesYou can use HTML in your message. Allowed HTML includes: %l.You can use HTML in your message. Allowed tags include: a, br, em, strong, h1, h2, h3, h4, h5, h6, div.You do not have sufficient permission to access this endpoint. Access to REST API requests is restricted by iThemes Security settings.You have been locked out due to too many invalid login attempts.You may ban users by individual IP address or IP address range using wildcards or CIDR notation.You may need to turn this off if you are having problems with backups.You may white list users by individual IP address or IP address range using wildcards or CIDR notation.You must change WordPress permalinks to a setting other than "Plain" in order to use this feature.You must check the Change WordPress Salts checkbox in order to change the WordPress salts.You must restart your NGINX server for the changes to take effect.Your Daily Security Digest for %sYour IP address has been flagged as a threat by the iThemes Security network.Your Monthly Security Digest for %sYour Nickname must be different than your login name. 
Please choose a different Nickname.Your Security Digest for %sYour Weekly Security Digest for %sYour current database table prefix is %1$s.Your current settings are configured as follows:Your database containsYour database is using the default table prefix wp_. You should change this.Your lockout settings can be configured in Global Settings.Your profile has not been updated.Your site appears to support SSL. It is highly recommended that you select the "Enabled" setting below. This redirects all http traffic to your site to the https address, thus requiring everyone to access the site via SSL. In other words, it will force everyone to use a secure connection to the site.Your site does not appear to support SSL. Only enable SSL if you know that the site properly supports SSL since enabling it on a site that does not properly support it will block all access to the site.Your site is now using Network Brute Force Protection.Your site might support SSL. If the site is configured with a valid certificate that is not self-signed, it is highly recommended that you select the "Enabled" setting below. This redirects all http traffic to your site to the https address, thus requiring everyone to access the site via SSL. In other words, it will force everyone to use a secure connection to the site.Zip Database Backups[%1$s] %2$semail to backup recipients could not be sent.emailed to backup recipientsemailed to backup recipients and saved locallyerrorhttps://ithemes.comhttps://ithemes.com/securityhttps://wordpress.org/iThemesiThemes SecurityiThemes Security LogsiThemes Security SettingsiThemes Security can log events in multiple ways, each with advantages and disadvantages. Database Only puts all events in the database with your posts and other WordPress data. This makes it easy to retrieve and process but can be slower if the database table gets very large. File Only is very fast but the plugin does not process the logs itself as that would take far more resources. 
For most users or smaller sites Database Only should be fine. If you have a very large site or a log processing software then File Only might be a better option.iThemes Security noticed file changes in your WordPress site. Please review the logs to make sure your system has not been compromised.iThemes Security preserved the following settings as removing them could prevent the site from functioning correctly.iThemes Security received a request to modify the override behavior of the Away Mode module. However, the request is invalid as the module is configured for a one-time lockout that occurred in the past. Allowing an activate override would result in an unending Away Mode lockout.iThemes Security received a request to modify the override behavior of the Away Mode module. However, the request is invalid as the required "intention" argument is missing.iThemes Security received a request to modify the override behavior of the Away Mode module. However, the request is invalid as the required "intention" argument is set to an unrecognized value: "".iThemes Security requires Javascript in order for the settings to be modified. 
Please enable Javascript to configure the settings.log entries.nopaging%1$s of %2$sreCAPTCHAroleAll %s userssaved locallysaved locally but email to backup recipients could not be sent.scan status, scan description%1$s %2$sscan status, scan description, scan details link%1$s %2$s %3$stoo many attempts to access a file that does not existtoo many bad login attemptsuser tried to login as "admin."wp-config.php Rulesyes
PO-Revision-Date: 2017-11-16 13:36:02+0000
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Plural-Forms: nplurals=2; plural=n != 1;
X-Generator: GlotPress/2.4.0-alpha
Language: en_GB
Project-Id-Version: Plugins - iThemes Security (formerly Better WP Security) - Stable (latest release)
%1$s %2$d%1$s (%2$s)%1$s (%2$s)%1$s is enabled as recommended.The directory supplied in %1$s cannot be used as a valid directory. %2$sThe file path supplied in %1$s cannot be used as the parent directory cannot be created. %2$s%1$sHide Backend%2$s will notify the chosen recipients whenever the login URL is changed.%s could not be read due to an unknown error.%s could not be read. Both the fopen/feof/fread/flock and file_get_contents functions are disabled on the server.%s could not be read. Both the opendir/readdir/closedir and glob functions are disabled on the server.%s could not be read. It does not appear to be a file.%s could not be written as a file. The requested path already exists as a directory. The directory must be removed or a new file name must be chosen before the file can be written.%s could not be written. Both the fopen/fwrite/flock and file_put_contents functions are disabled on the server. This is a server configuration issue that must be resolved before iThemes Security can write files.%s could not be written. This could be due to a permissions issue. 
Ensure that PHP runs as a user that has permission to write to this location.%s pending← Back to %s*Known Spam detected+ more Pro-only features1 item%s items25% off BackupBuddy with coupon code404 Detection404 Error404 Errors Found404 File/Folder White List404 detection looks at a user who is hitting a large number of non-existent pages and getting a large number of 404 errors. 404 detection assumes that a user who hits a lot of 404 errors in a short period of time is scanning for something (presumably a vulnerability) and locks them out accordingly. This also gives the added benefit of helping you find hidden problems causing 404 errors on unseen parts of your site. All errors will be logged in the "View Logs" page. You can set thresholds for this feature below.Host: %1$sUser: %1$sIMPORTANT: Deactivating or uninstalling this plugin will not revert the changes made by this feature.IMPORTANT: Ensure that you create a database backup before undoing the Content Directory change.IMPORTANT: Ensure that you create a database backup before changing the Content Directory.WARNING: Backup your database before using this tool.WARNING: Changing the name of the Content Directory on a site that already has images and other content referencing it will break your site. For this reason, we highly recommend only changing the Content Directory on a fresh WordPress install.WARNING: Undoing the Content Directory change when images and other content were added after the change will break your site. Only undo the Content Directory change if absolutely necessary.Warning: The changes made by this tool could cause compatibility issues with some plugins, themes, or customisations. Ensure that you create a database backup before using this tool.Advanced - Choose different settings for front-end and dashboard page requests.Allow - Allows XML-RPC requests that contain multiple login attempts. 
Only use this setting if a service requires it.Block - Blocks XML-RPC requests that contain multiple login attempts. This setting is highly recommended.Default Access - Access to REST API data is left as default. Information including published posts, user details, and media library entries is available for public access.Disable Pingbacks - Only disables pingbacks. Other XML-RPC features will work as normal. Select this setting if you require features such as Jetpack or the WordPress Mobile app.Disable XML-RPC - XML-RPC is disabled on the site. This setting is highly recommended if Jetpack, the WordPress mobile app, pingbacks, and other services that use XML-RPC are not used.Disabled - Use the site's default handling of page requests.ERROR: Invalid email address or incorrect password.ERROR: Invalid username or incorrect password.Email Address Only - Users can only log in using their user's email address. This disables logging in using a username.Email Address and Username (Default) - Allow users to log in using their user's email address or username. This is the default WordPress behavior.Enable XML-RPC - XML-RPC is fully enabled and will function as normal. Use this setting only if the site must have unrestricted use of XML-RPC.Enabled - Redirect all http page requests to https.Error: Due to site rules, a strong password is required. Please choose a new password that rates as Strong on the meter.Host lockout message: %sHow long lockouts will be remembered for ban: %sIs this computer white-listed: %sNumber of lockouts before permanent ban: %sPermanently ban: %sRestricted Access - Restrict access to most REST API data. This means that most requests will require a logged in user or a user with specific privileges, blocking public requests for potentially-private data. We recommend selecting this option.User lockout message: %sUsername Only - Users can only log in using their user's username. 
This disables logging in using an email address.A "internal server" error prevented the request from completing as expected. The server returned a 500 status code, indicating that the server was unable to complete the request due to a fatal PHP error or a server problem. This could be due to a plugin/theme conflict, a server configuration issue, a temporary hosting issue, or invalid custom PHP modifications. Please check your server's error logs for details about the source of the error and contact your hosting company for assistance if required.A "not found" error prevented the request from completing as expected. The server returned a 404 status code, indicating that the server was unable to find the requested admin-ajax.php file. This could be due to a plugin/theme conflict, a server configuration issue, or an incomplete WordPress installation. Please try refreshing the page and trying again. If the request continues to fail, you may have to alter plugin settings, alter server configurations, or reinstall WordPress.A "request forbidden" error prevented the request from completing as expected. The server returned a 403 status code, indicating that the server configuration is prohibiting this request. This could be due to a plugin/theme conflict or a server configuration issue. Please try refreshing the page and trying again. If the request continues to fail, you may have to alter plugin settings or server configuration that could account for this AJAX request being blocked.A Nickname is required. Please choose a nickname or fill out your first and last name.A file (or files) on your site have been changed. Please review the report below to verify changes are not the result of a compromise.A file or directory already exists at %s. No Directory Name changes have been made. 
Please choose a new Directory Name or remove the existing file or directory and try again.A host was prevented from accessing the dashboard due to away-mode restrictions being in effectA nonce security check failed, preventing the request from completing as expected. Please try reloading the page and trying again.A parser error prevented the request from completing as expected. The site sent a response that jQuery could not process. This could be due to a plugin/theme conflict or a server configuration issue.A password change is required for your account.A permissions security check failed, preventing the request from completing as expected. The currently logged in user does not have sufficient permissions to make this request. Please try reloading the page and trying again.A scan is already in progress. Please check the logs page at a later time for the results of the scan.A timeout error prevented the request from completing as expected. The site took too long to respond. This could be due to a plugin/theme conflict or a server configuration issue.A validation check for %1$s failed. The %2$s value is missing. This could be due to a problem with the iThemes Security installation or an invalid modification. Please reinstall iThemes Security and try again.A validation function for %1$s received data that did not have the required entry for %2$s.A validation function for %1$s received data that does not match the expected data type for the %2$s entry. 
A data type of %3$s was expected, but a data type of %4$s was received.A validation function for %1$s received data that has an entry for %2$s when no such entry exists.A whitelisted host has triggered a lockout condition but was not locked out.API KeyAPI SecretAbout LockoutsActionActivate Network Brute Force ProtectionActivating Network Brute Force Protection...Active LockoutsAdd InfiniteWP CompatibilityAdd an extra layer of protection to your WordPress site with iThemes Security Pro, including:Add my current IP to the White ListAdded FilesAdded by W3 Total CacheAdmin EmailsAdmin UserAdvancedAdvanced feature to rename the wp-content directory to a different name.Advanced settings that improve security by changing default WordPress Multisite behaviour.Advanced settings that improve security by changing default WordPress behaviour.Advanced settings that improve security by changing the server config for this site.All Log DataAllowAllow Data TrackingAllow administrators to temporarily grant extra access to a user of the site for a specified period of time.Allow iThemes Security to write to wp-config.php and .htaccess.Allow iThemes to track plugin usage via anonymous data.Alter target="_blank" links to protect against tabnappingAn "invalid format" error prevented the request from completing as expected. The format of data returned could not be recognised. This could be due to a plugin/theme conflict or a server configuration issue.An advanced tool that removes users with a username of "admin" or a user ID of "1".An attempt to register the %1$s module failed since the supplied path (%2$s) is invalid. This could indicate an invalid modification or incomplete installation of the iThemes Security plugin. Please reinstall the plugin and try again.An empty IP argument was submitted.An error prevented the scan from completing as expected. The currently logged in user does not have sufficient permissions to run this scan. 
You may need to log out of the site and log back in.An invalid sanitise type of "%1$s" was received for the %2$s input.An unknown error occured. Please try again laterAn unknown error prevented releasing the lockout the of host with a lockout ID of %dAn unknown error prevented releasing the lockout of the user with a lockout ID of %dAn unknown error prevented the API key from being reset properly. An unrecognised response was received. Please wait a few minutes and try again.An unknown error prevented the API key request from succeeding. The request for an API key returned an empty key. Please wait a few minutes and try again.An unknown error prevented the API key request from succeeding. The request for an API key returned an unrecognised response. Please wait a few minutes and try again.An unknown error prevented the API key request from succeeding. This problem could be due to a server configuration or plugin compatibility issue. Please wait a few minutes and try again.An unknown error prevented the API key secret request from succeeding. The request for an API key secret returned an unrecognised response. Please wait a few minutes and try again.An unknown error prevented the API key secret request from succeeding. The request for an API key submitted an empty key. Please wait a few minutes and try again.An unknown error prevented the API key secret request from succeeding. This problem could be due to a server configuration or plugin compatibility issue. Please wait a few minutes and try again.An unknown error prevented the API key secrete request from succeeding. The request for an API key secret returned an empty key secret. Please wait a few minutes and try again.An unknown error prevented the request from completing as expected. This could be due to a plugin/theme conflict or a server configuration issue.An unknown error prevented the scan from completing successfully. 
The Sucuri server responded with a %s error code.ApplyAre you lost?Are you sure you want to enable SSL? If your server does not support SSL you will be locked out of your WordPress Dashboard.ArticlesAs a getting-started point you can include the blacklist developed by Jim Walker.As most sites are only updated at certain times of the day it is not always necessary to provide access to the WordPress dashboard 24 hours a day, 7 days a week. The options below will allow you to disable access to the WordPress Dashboard for the specified period. In addition to limiting exposure to attackers this could also be useful to disable site access based on a schedule for classroom or other reasons.Attached is the database backup file for your site.AttemptsAutomatic file change scanning is triggered by a user visiting your page and may not happen exactly at the time listed.Automatically ban "admin" userAutomatically ban IPs reported as a problem by the network.Automatically block users snooping around for pages to exploit.Away ModeAway Mode TriggeredBACKUPPROTECTBack up Full DatabaseBackup IntervalBackup LocationBackup MethodBackup Save MethodBackup complete. The backup was saved locally.Backup complete. The backup was sent to the selected email recipients and was saved locally.Backup complete. The backup was sent to the selected email recipients.BackupBuddy is the complete backup, restore and migration solution for your WordPress site. Schedule automated backups, store your backups safely off-site and restore your site quickly & easily.BackupsBackups to RetainBan HostsBan Hosts - Security > Settings > Banned UsersBan ListsBan Reported IPsBan User AgentsBan User Agents - Security > Settings > Banned UsersBanned UsersBelow are various logs of information collected by iThemes Security Pro. 
This information can help you get a picture of what is happening with your site and the level of success you have achieved in your security efforts.BlacklistBlacklist Lockout PeriodBlacklist Lookback PeriodBlacklist Repeat OffenderBlacklist ThresholdBlock (recommended)Block specific IP addresses and user agents from accessing the site.BothBulk ActionsBy default, WordPress allows users to log in using either an email address or username. This setting allows you to restrict logins to only accept email addresses or usernames.By default, WordPress assigns the prefix wp_ to all tables in the database where your content, users, and objects exist. For potential attackers, this means it is easier to write scripts that can target WordPress databases as all the important table names for 95% of sites are already known. Changing the wp_ prefix makes it more difficult for tools that are trying to take advantage of vulnerabilities in other places to affect the database of your site. Before using this tool, we strongly recommend creating a backup of your database.By default, WordPress stores files for plugins, themes, and uploads in a directory called wp-content. Some older and less intelligent bots hard coded this directory in order to look for vulnerable files. Modern bots are intelligent enough to locate this folder programmatically, thus changing the Content Directory is no longer a recommended security step.CIDR notation is allowed to specify a range of IP addresses (###.###.###.###/## or ####:####:####:####:####:####:####:####/###).CRITICAL ERROR: The %1$s directory was successfully renamed to the new name (%2$s). However, an error occurred when updating the wp-config.php file to configure WordPress to use the new content directory. iThemes Security attempted to rename the directory back to its original name, but an unknown error prevented the rename from working as expected. 
In order for your site to function properly, you will either need to manually rename the %2$s directory back to %1$s or manually update the wp-config.php file with the necessary modifications. The error that prevented the file from updating is as follows: %3$sCancelCannot get lock.Change Content DirectoryChange Database Table PrefixChange PrefixChange User ID 1Change WordPress SaltsChange the ID of the user with ID 1.Change the database table prefix that WordPress uses.Change the location of the wp-content directory so that it uses a different name.Changed FilesChanged the Authentication Methods Available to Users setting in Two-Factor Authentication to "All Methods".Changed the Multiple Authentication Attempts per XML-RPC Request setting in WordPress Tweaks to "Block".Changed the REST API setting in WordPress Tweaks to "Restricted Access".Changed the User Type Protection setting in Two-Factor Authentication to "Privileged Users".Changes were detected. Please check the logs page for details.Check TimeCheck this box and then save settings to change your WordPress Salts.Checking this box will have the backup script back up all tables in your database, even if they are not part of this WordPress site.CleanClear LogsClick the button to load the current file permissions.CloseComment SpamCommunity Lockout MessageComplete Your Security Strategy With BackupBuddyCompress Backup FilesConfigure SettingsConfigure basic settings that control how iThemes Security functions.Configure next iThemes Security settingConfigure previous iThemes Security settingConfigure use of SSL to ensure that communications between browsers and the server are secure.Confirm new passwordCopied!Copy to ClipboardCore Update NotificationsCould not rename table %1$s. You may have to rename the table manually.Could not update prefix references in options table.Could not update prefix references in usermeta table.CountCreate a Database BackupCreate backups of your site's database. 
The backups can be created manually and on a schedule.Creating Backup...Current pageCustom Login ActionDailyDaily Security DigestDataDatabase BackupDatabase Backup ExecutedDatabase BackupsDatabase OnlyDate%1$s \a\t %2$sDate when the admin dashboard should become available again.Date when the admin dashboard should become unavailable.DaysDays to Keep Database LogsDebug info (source page): %sDefault AccessDefault BlacklistDeprecated RecipientsDetailsDirectory BrowsingDisableDisable Directory BrowsingDisable Directory Browsing - Security > Settings > System Tweaks > Directory BrowsingDisable Extra User ArchivesDisable File EditorDisable File Editor - Security > Settings > WordPress Tweaks > File EditorDisable PHP execution in the plugins directory. This blocks requests to PHP files inside plugin directories that can be exploited directly.Disable PHP execution in the themes directory. This blocks requests to PHP files inside theme directories that can be exploited directly.Disable PHP execution in the uploads directory. This blocks requests to maliciously uploaded PHP files in the uploads directory.Disable PHP in PluginsDisable PHP in Plugins - Security > Settings > System Tweaks > PHP in PluginsDisable PHP in ThemesDisable PHP in Themes - Security > Settings > System Tweaks > PHP in ThemesDisable PHP in UploadsDisable PHP in Uploads - Security > Settings > System Tweaks > PHP in UploadsDisable PingbacksDisable Proxy IP DetectionDisable XML-RPC (recommended)Disable XML-RPC - Security > Settings > WordPress Tweaks > XML-RPCDisable access to the WordPress Dashboard on a schedule.Disable login error messagesDisabledDisabled the File Editor in WordPress Tweaks.Disables a user's author page if their post count is 0.Disables the file editor for plugins and themes requiring users to have access to the file system to modify files. 
Once activated you will need to manually edit theme and other files using a tool other than WordPress.Disabling this feature will prevent the file change warning from displaying to the site administrator in the WordPress Dashboard. Note that disabling both the error message and the email notification will result in no notifications of file changes. The only way you will be able to tell is by manually checking the log files.Dismiss NoticeDismiss WarningDisplay File Change Admin WarningDisplay file change admin warningDo not modify or remove this lineDo not remove. Removing this line could break your site. Added by Security > Settings > Change Content Directory.DocumentationDocumentation: %2$sDownload Our WordPress Security Pocket GuideDue to site rules, a strong password is required for your account. Please choose a new password that rates as Strong on the meter.During periods of heavy attack, iThemes Security can generate a LOT of email.Each error message in iThemes Security has an associated error code that can help diagnose an issue. Changing this setting to "Yes" causes these codes to display. 
This setting should be left set to "No" unless iThemes Security support requests that you change it.EditURI HeaderEmail AddressEmail Address OnlyEmail Address and Username (default)Email Address: %1$sEmail OnlyEnableEnable Ban ListsEnable Blacklist Repeat OffenderEnable HackRepair.com's blacklist featureEnable HackRepair.com's blacklist feature - Security > Settings > Banned Users > Default BlacklistEnable InfiniteWP CompatibilityEnable RedirectionEnable SSL:Enable Scheduled Database BackupsEnable XML-RPCEnable the hide back end feature.EnabledEnabled %1$s.Enabled the Email Notifications setting in Malware Scan Scheduling.Enabled the Enable Ban Lists setting in Banned Users.Enabled the Vulnerable Site Protection setting in Two-Factor Authentication.Enabled the Vulnerable User Protection setting in Two-Factor Authentication.Enabled the Write to Files setting in Global Settings.Enables secure SSL connection for the front end (public parts of your site). Turning this off will disable front-end SSL control; turning this on "Per Content" will place a checkbox on the edit page for all posts and pages (near the publish settings), allowing you to turn on SSL for selected pages or posts. Selecting "Whole Site" will force the whole site to use SSL.Enabling this feature helps protect visitors to this site (including logged in users) from phishing attacks launched by a linked site. Details on tabnapping via target="_blank" links can be found in this article.End DateEnd TimeEnd TimestampEnsure that your site is using the recommended features and settings.Ensure your site is using recommended settings and features with a security check.Enter a new username to replace "admin." 
Please note that if you are logged in as admin you will have to log in again.Enter only 1 IP address or 1 IP address range per line.Enter only 1 user agent per line.ErrorError Code: %sError Message: %sError ThresholdError while sending %1$s notification at %2$s: %3$sError.ErrorsEven the best security solutions can fail. How do you know if someone gets into your site? You will know because they will change something. File Change detection will tell you what files have changed in your WordPress installation, alerting you to changes not made by yourself. Unlike other solutions, this plugin will look only at your installation and compare files to the last check instead of comparing them with a remote installation thereby, taking into account whether or not you modify the files yourself.Every user on your site affects overall security. See how your users might be affecting your security and take action when needed.Excerpt ViewExclude SelectedExclude TablesExclude files or folders by clicking the red minus next to the file or folder name.Excluded TablesExport your settings as a backup or to import on other sites for quicker setup.FileFile ChangeFile Change DetectionFile Change HistoryFile Change WarningFile ChangesFile Changes DetectedFile EditorFile HashFile OnlyFile PermissionsFile Scan Report for %sFile Writing PermissionsFile changes detected on the site.File types listed here will be recorded as 404 errors but will not lead to lockouts.File types listed here will not be checked for changes. 
While it is possible to change files such as images it is quite rare and nearly all known WordPress attacks exploit PHP, JS and other text files.Files AddedFiles ChangedFiles DeletedFiles RemovedAddedFiles and Folders ListModifiedRemovedFilter Long URL StringsFilter Non-English CharactersFilter Non-English Characters - Security > Settings > System Tweaks > Non-English CharactersFilter Request MethodsFilter Request Methods - Security > Settings > System Tweaks > Request MethodsFilter Suspicious Query Strings in the URLFilter Suspicious Query Strings in the URL - Security > Settings > System Tweaks > Suspicious Query StringsFilter out hits with the trace, delete, or track request methods. This should not be enabled if you use the WordPress REST API.Filter out non-English characters from the query string. This should not be used on non-English sites and only works when "Filter Suspicious Query String" has been selected.First RecordedFor more details, %1$svisit your security logs%2$sFor more information on WordPress roles and capabilities please see %1$s.Force SSL for DashboardForce SSL for Dashboard - Security > Settings > Secure Socket Layers (SSL) > SSL for DashboardForce Unique NicknameForce users to choose a unique nicknameForce users to use strong passwords as rated by the WordPress password meter.Forces all dashboard access to be served only over an SSL connection.Free WordPress Security GuideFront-End SSL ModeFunctionGet BackupBuddyGet Free API KeyGet Free SupportGet SupportGet added peace of mind with professional support from our expert team and pro features with iThemes Security Pro.Get iThemes Security ProGet tips for securing your site + the latest WordPress security updates, news and releases from iThemes.Global SettingsGo ProGo to the first pageGo to the last pageGo to the next pageGo to the previous pageGoogle reCAPTCHA integration%1$s - Expires in %2$sHelp & SupportHide BackendHide Backend – New Login URLHide Core Update NotificationsHide DetailsHide 
Plugin Update NotificationsHide Security Menu in Admin BarHide SettingsHide Theme Update NotificationsHide security menu in admin bar.Hide the login page by changing its name and preventing access to wp-login.php and wp-admin.Hides core update notifications from users who cannot update core. Please note that this only makes a difference in multi-site installations.Hides plugin update notifications from users who cannot update plugins. Please note that this only makes a difference in multi-site installations.Hides the login page (wp-login.php, wp-admin, admin and login) making it harder to find by automated attacks and making it easier for users unfamiliar with the WordPress platform.Hides theme update notifications from users who cannot update themes. Please note that this only makes a difference in multi-site installations.HostHost Lockout MessageHost or User LockoutHost/UserHostsHow many days should a lockout be remembered to meet the blacklist count above.How should event logs be keptIP Flagged by Network Brute Force ProtectionIf one had unlimited time and wanted to try an unlimited number of password combinations to get into your site they eventually would, right? This method of attack, known as a brute force attack, is something that WordPress is acutely susceptible to as, by default, the system doesn't care how many attempts a user makes to login. It will always let you try again. Enabling login limits will ban the host user from attempting to login again after the specified bad login threshold has been reached.If this box is checked the IP address of the offending computer will be added to the "Ban Users" blacklist after reaching the number of lockouts listed below.If this is incorrect, please update it on the WordPress General Settings page by selecting the appropriate time zone. 
Failure to set the correct timezone may result in unintended lockouts.
If you contact support about this error, please provide the following debug details:
If you need to manually add the wp-config.php rules generated by iThemes Security to your server, you can find them here.
If you need to manually add the server config rules generated by iThemes Security to your server, you can find them here.
If you're not using a proxy service such as Varnish, Cloudflare or others, turning this on may result in more accurate IP detection.
Ignore File Types
Ignored File Types
Immediately ban a host that attempts to login using the "admin" username.
Include Selected
Include/Exclude Files
Include/Exclude Files and Folders
Individual IP addresses must be in IPv4 or IPv6 standard format (###.###.###.### or ####:####:####:####:####:####:####:####).
Infected URL: %2$s
Integrated with iThemes Security, so you can release lockouts and turn Away Mode on or off right from your Sync dashboard or your phone.
Invalid Login Attempt
Invalid Login Attempts
Invalid User
Is your site as secure as it could be?
Issues Detected
Join a network of sites that reports and protects against bad actors on the internet.
Last Generated
Last Recorded
Last Run
Last sent on %s
Learn More
Learn simple WordPress security tips — including 3 kinds of security your site needs and 4 best security practices for keeping your WordPress site safe with our free guide.
Limit the number of backups stored locally (on this server). Any older backups beyond this number will be removed. Setting to "0" will retain all backups.
Limits the number of characters that can be sent in the URL. Hackers often take advantage of long URLs to try to inject information into your database.
List View
Advanced
All
Recommended
Lists file and directory permissions of key areas of the site.
Load File Permissions Details
Local Brute Force Protection
Local brute force protection looks only at attempts to access your site and bans users per the lockout rules specified locally. Network brute force protection takes this a step further by banning users who have tried to break into other sites from breaking into yours. The network protection will automatically report the IP addresses of failed login attempts to iThemes and will block them for a length of time necessary to protect your site based on the number of other sites that have seen a similar attack.
Location
Lockout Period
Lockout Whitelist
Lockout in Effect Until
Lockouts
Log Summary
Log Type
Log user actions such as login, saving content and others.
Logging settings can be managed in the Global Settings.
Login Error Messages
Login Now
Login Slug
Login URL: %s
Login with Email Address or Username
Logs
Long URL Strings
Look up IP Address.
MB
Magic Links
Make the most of iThemes Security features with our free iThemes Security tutorials.
Malware
Malware Scan
Malware Scan Report
Malware Scan Scheduling
Malware found on URL
Malware scanning is temporarily unavailable, please try again later.
Manage Settings
Manage Your Sites Remotely
Manage and configure email notifications sent by iThemes Security related to various settings modules.
Manage and configure email notifications sent by iThemes Security related to various settings modules. If errors are encountered while sending notification emails, they will be reported here.
Manage updates remotely for up to 10 WordPress sites today for free!
Max Login Attempts Per Host
Max Login Attempts Per User
Memory Used
Message
Messages
Minimum role at which a user must choose a strong password.
Minutes
Minutes to Remember 404 Error (Check Period)
Minutes to Remember Bad Login (check period)
Modified
Monitor the site for unexpected file changes.
Monthly
Monthly Security Digest
Multiple Authentication Attempts per XML-RPC Request
Multiple versions of iThemes Security are active.
Please disable all extra versions of iThemes Security.
Multisite Tweaks
NGINX Conf File
Need Help Securing Your Site?
Network Brute Force Protection
Network vs Local Brute Force Protection
New Admin Username
New Directory Name
New Login URL
New Notification from iThemes Security
New Password
New notifications available in the %1$sNotification Centre%2$s.
New! Take your site security to the next level by activating iThemes Brute Force Network Protection.
New! The iThemes Security dashboard just got a new look.
Next automatic scan at:
No
No (default)
No changes were detected.
No items found.
No lockouts since the last email check.
No lockouts were selected for removal.
Non-English Characters
Not yet sent.
Note: After enabling this feature, you will be logged out and you will have to log back in. This is to prevent possible cookie conflicts that could make it more difficult to get in otherwise.
Note: The output is limited to alphanumeric characters, underscore (_) and dash (-). Special characters such as "." and "/" are not allowed and will be converted in the same manner as a post title. Please review your selection before logging out.
Note: The use of this tool requires quite a bit of system memory which may be more than some hosts can handle. If you back your database up you can't do any permanent damage but without a proper backup you risk breaking your site and having to perform a rather difficult fix.
Note: These settings are listed as advanced because they block common forms of attacks, but they can also block legitimate plugins and themes that rely on the same techniques. When activating the settings below, we recommend enabling them one by one to test that everything on your site is still working as expected.
Note: You cannot ban yourself.
Notification Centre
Notifications
OK
Off
One Time
One of the best ways to protect yourself from an attack is to have access to a database backup of your site. If something goes wrong, you can get your site back by restoring the database from a backup and replacing the files with fresh ones. Use the button below to create a backup of your database for this purpose. You can also schedule automated backups and download or delete previous backups.
Override End
Override Proxy Detection
Override Type
PHP in Plugins
PHP in Themes
PHP in Uploads
Password Expiration
Path to Log Files
Payload:
%s
Per Content
Permanently
Permissions for the directory %s could not be read as the directory could not be found.
Permissions for the directory %s could not be read as the fileperms() function is disabled. This is a system configuration issue.
Permissions for the file %s could not be read as the file could not be found.
Permissions for the file %s could not be read as the fileperms() function is disabled. This is a system configuration issue.
Please note that according to your WordPress Timezone settings your current time is:
Please press Ctrl/Cmd+C to copy.
Plugin Update Notifications
Powered by WordPress
Press the button below to create a database backup using the saved settings.
Press the button below to scan your site's files for changes. Note that if changes are found this will take you to the logs page for details.
Prevent public access to readme.html, readme.txt, wp-config.php, install.php, wp-includes, and .htaccess. These files can give away important information on your site and serve no purpose to the public once WordPress has been successfully installed.
Prevents error messages from being displayed to a user upon a failed login attempt.
Prevents scripts and users from being able to write to the wp-config.php file and .htaccess file. Note that in the case of this and many plugins this can be overcome; however, it still does make the files more secure. Turning this on will set the UNIX file permissions to 0444 on these files and turning it off will set the permissions to 0664.
Prevents users from seeing a list of files in a directory when no index file is present.
Priority
Private, ticketed support
Privilege Escalation
Pro
Pro customers can contact iThemes Helpdesk for help.
Our support team answers questions Monday – Friday, 8am – 5pm (CST).
Problems Found
Protect Against Tabnapping
Protect System Files
Protect System Files - Security > Settings > System Tweaks > System Files
Protect your site against attackers that try to randomly guess login details to your site.
Protect your site from bots by verifying that the person submitting comments or logging in is indeed human.
Protect your site when outdated software is not updated quickly enough.
Protect your site with automated malware scans. When this feature is enabled, the site will be automatically scanned each day. If a problem is found, an email is sent to select users.
Query
Quick ban IP. Will be updated on next formal rules save.
REST API
Read iThemes Security documentation and Frequently Asked Questions on the Codex.
Read the latest in WordPress Security news, tips, and updates on iThemes Blog.
Reason
Receive Email Updates
Receive email updates about WordPress Security from iThemes.
Receive email updates about WordPress Security from iThemes: %1$s
Recipient
Recipients of this email.
Redirect All HTTP Page Requests to HTTPS
Redirect All HTTP Page Requests to HTTPS - Security > Settings > Secure Socket Layers (SSL) > SSL for Dashboard
Redirect Location: %s
Redirect users to a custom location on your site, instead of throwing a 403 (forbidden) error.
Redirection Slug
Reduce Comment Spam
Reduce Comment Spam - Security > Settings > WordPress Tweaks > Comment Spam
Referrer
Register Slug
Registration URL: %s
Relative Path
Release Selected Lockouts
Release lockouts from the Active Lockouts section of the settings page.
Release the permanent host ban from Ban Hosts list in the Banned Users section of the settings page.
Reload File Permissions Details
Remember, some of these settings might conflict with other plugins or themes, so test your site after enabling each setting.
Remove File Writing Permissions
Remove the RSD (Really Simple Discovery) header.
Remove the Windows Live Writer header.
Removed Files
Removes the RSD (Really Simple Discovery) header. If you don't integrate your blog with external XML-RPC services such as Flickr then the "RSD" function is pretty much useless to you.
Request Methods
Require SSL
Reset API Key
Resetting...
Resource Scanned
Restore Default Location
Restore Default Log File Path
Restricted Access (recommended)
Result
Results
Results of previous malware scans can be found on the logs page.
Run Secure Site Again
Run a Security Check ✓
SSL
SSL for Dashboard
SSL is an important feature for every site. It protects user accounts from being compromised, protects the content from modifications by ISPs and attackers, protects potentially-sensitive information submitted to the site from network sniffing, could speed up performance of your site (depending on server configuration), and could improve your site's search engine rankings.
Save Locally Only
Save Locally and Email
Save Settings
Scan Details
Scan Files Now
Scan Homepage for Malware
Scan Next File Chunk
Scan Summary
Scanning...
Schedule
Schedule Database Backups
Scheduled malware scanning
Search
Search Modules
Securing Site...
Security
Security Check
Security Digest
Security Resources
Security error!
Security warning in the URL
See what's new
Select "Yes" and save the settings to change the database table prefix.
Select "Yes" and save the settings to undo the content directory change.
Select All
Select Filter:
Select Role for Strong Passwords
Select the type of restriction you would like to enable.
Select what we should do with your backup file.
You can have it emailed to you, saved locally or both.
Select whether we should exclude files and folders selected or whether the scan should only include files and folders selected.
Select which users should be emailed.
Send an email with a Magic Link that bypasses a username lockout.
Server Config Rules
Settings
Settings Import and Export
Settings saved successfully for %1$s.
Show Details
Show Error Codes
Show all dates
Since you are using the free version of iThemes Security from WordPress.org, you can get free support from the WordPress community.
Site Database Backup for %s
Site Lockout Notification
Site Lockouts
Site Users
Some features and settings are recommended for every site to run. This tool will ensure that your site is using these recommendations.
Some plugins can create log files in your database. While these logs might be handy for some functions, they can also take up a lot of space and, in some cases, even make backing up your database almost impossible. Select log tables above to exclude their data from the backup. Note: The table itself will be backed up, but not the data in the table.
Sorry, the update password request has expired. Please log in again.
Specified when sending
Split File Scanning
Split file checking into chunks.
Splits file checking into 7 chunks (plugins, themes, wp-admin, wp-includes, uploads, the rest of wp-content and everything that is left over) and divides the checks evenly over the course of a day. This feature may result in more notifications but will allow for the scanning of bigger sites to continue even on a lower-end web host.
Start Date
Start Time
Start Timestamp
Status
Strength indicator
Strengthen the passwords on the site with automated password expiration.
Strong Password Enforcement
Strong Passwords
Subject
Subscribe
Success
Successfully removed the selected lockout.
Sucessfully removed the selected lockouts.
Suggestion
Supply a new directory name and save the settings to change the location of the wp-content directory. You may need to log in again after performing this operation.
Support
Suspicious Query Strings
System Files
System Tweaks
Tables for Backup
Tables with data that does not need to be backed up
Take the guesswork out of WordPress security. iThemes Security offers 30+ ways to lock down WordPress in an easy-to-use WordPress security plugin.
The "Write to Files" setting is disabled in Global Settings. In order to use this feature, you must enable the "Write to Files" setting.
The "Write to Files" setting is disabled. Manual configuration for the %s file can be found on the Security > Settings page in the Advanced section.
The %1$s and %2$s cannot be the same.
The %1$s and %2$s must be before the %3$s and %4$s.
The %1$s and %2$s settings restrict the current time and would result in locking you out immediately. Please select a %1$s and %2$s that does not restrict the current time.
The %1$s and %2$s values resulted in a date and time of %3$s, which was unable to be processed properly. This could be an issue with PHP or a server configuration issue.
The %1$s email list must be a string with each entry separated by a new line.
The %1$s value cannot be empty.
The %1$s value is not a valid username.
The %1$s value must be a positive integer.
The %1$s value must be a string with each entry separated by a new line.
The %1$s value must be a string.
The %1$s value must be a valid date in the format of YYYY-MM-DD.
The %1$s value must be a valid date.
The %1$s value must be a valid email address.
The %1$s value must be an integer.
The %1$sDatabase Backup%2$s module will send a copy of any backups to the email addresses listed below.
The %1$sFile Change Detection%2$s module will email a file scan report after changes have been detected.
The %s module is a Core module and cannot be activated or deactivated.
The WordPress REST API is part of WordPress and provides developers with new ways to manage WordPress. By default, it could give public access to information that you believe is private on your site.
For more details, see our post about the WordPress REST API here.
The wp-content directory is available at %s.
The Hide Back End feature is now active. Your new login URL is %1$s. A reminder has also been sent to the notification email addresses set in iThemes Security's Notification Centre.
The Hide Back End feature is now active. Your new login URL is %1$s. Please note this may be different than what you sent as the URL was sanitised to meet various requirements. A reminder has also been sent to the notification email addresses set in iThemes Security's Notification Centre.
The Hide Back End feature is now disabled. Your new login URL is %1$s. A reminder has also been sent to the notification email addresses set in iThemes Security's Notification Centre.
The ITSEC_DISABLE_MODULES define is set. All iThemes Security protections are disabled. Please make the necessary settings changes and remove the define as quickly as possible.
The Login Slug cannot be "%1$s" as WordPress uses that slug.
The Security Digest reduces the number of emails sent so you can receive a summary of lockouts and file change detection scans.
The Security Digest reduces the number of emails sent so you can receive a summary of lockouts, file change detection scans, and privilege escalations.
The URL to your website.
The WordPress Site Title. Can be changed under Settings -> General -> Site Title
The WordPress salts were successfully regenerated.
The backup request returned an unexpected response. It returned a response of type %1$s.
The content directory cannot be changed to a blank directory name.
The content directory was changed by something other than iThemes Security. No further actions are available on this page.
The content directory was successfully changed back to %1$s.
The content directory was successfully changed to %1$s.
The data validator for %1$s is missing. Data for the module cannot be saved without the validator. This error could indicate a bad install of iThemes Security. Please remove the plugin and reinstall it. If this message persists, please contact support and send them this error message.
The database table prefix was successfully changed to %1$s.
The direction argument must be either "add", "clear", or "remove".
The directory %s could not be created as a file with that name already exists.
The directory %s could not be created as an existing parent directory could not be found.
The directory %s could not be created as the mkdir() function is disabled. This is a system configuration issue.
The directory %s could not be created due to an unknown error. This could be due to a permissions issue.
The directory %s could not be protected from file listing as the directory does not exist.
The directory %s could not be removed as the rmdir() function is disabled. This is a system configuration issue.
The directory supplied in %1$s is not writable. Please select a directory that can be written to.
The email address(es) this notification will be sent to. One address per line.
The email value is missing.
The file %1$s could not have its permissions updated as non-integer permissions were sent: (%2$s) %3$s
The file %s could not be removed as the unlink() function is disabled. This is a system configuration issue.
The file %s could not have its permissions updated as the chmod() function is disabled. This is a system configuration issue.
The file path supplied in %1$s cannot be used as it already exists but is not a file. Please supply a valid file path.
The file path supplied in %1$s could not be created. Please supply a file path that can be written to.
The file path supplied in %1$s is not writable. Please supply a file path that can be written to.
The file path supplied in %1$s was successfully created, but it cannot be updated.
Please supply a file path that can be written to.
The following IP in %1$s is invalid: %2$l
The following IPs in %1$s are invalid: %2$l
The following IP in %1$s is whitelisted and cannot be banned: %2$l
The following IPs in %1$s are whitelisted and cannot be banned: %2$l
The following email in %1$s is invalid: %2$l
The following emails in %1$s are invalid: %2$l
The following email recipients are deprecated. Please create new users for these email addresses or remove them.
The following entry in %1$s is invalid: %2$l
The following entries in %1$s are invalid: %2$l
The following extension in %1$s is invalid: %2$l
The following extensions in %1$s are invalid: %2$l
The following host in %1$s matches your current IP and cannot be banned: %2$s
The following is a summary of security-related activity on your site: %s
The following rules need to be written to your wp-config.php file. Please make sure to keep the comments in place.
The following rules need to be written to your server's config file. Please make sure to keep the comments in place.
The following settings modify the behaviour of many of the features offered by iThemes Security.
The IP argument is missing.
The length of time a host or user will be banned from this site after hitting the limit of bad logins. The default setting of 15 minutes is recommended as increasing it could prevent attacking IP addresses from being added to the blacklist.
The login address for {{ $site_title }} has changed. The new login address is {{ $login_url }}. You will be unable to use the old login address.
The login URL slug cannot be "login," "admin," "dashboard," or "wp-login.php" as these are used by default in WordPress.
The malware scanner requires JavaScript in order to function. If JavaScript is disabled in your browser, please enable it. If Javascript is not disabled, a script from another plugin, the theme, or a broken WordPress file is preventing the malware scanner's script from executing properly. Please try disabling other plugins to see if that resolves the issue.
The message to display to a user when their IP has been flagged as bad by the iThemes network.
The message to display to a user when their account has been locked out.
The message to display when a computer (host) has been locked out.
The new directory name cannot be an absolute path. Please supply a path that is relative to ABSPATH (%s).
The new directory name cannot be the same as the current directory name. Please supply a new directory name.
The new login link.
The number of days between database backups.
The number of days database logs should be kept. File logs will be kept indefinitely but will be rotated once the file hits 10MB.
The number of lockouts per IP before the host is banned permanently from this site.
The number of login attempts a user has before their host or computer is locked out of the system. Set to 0 to record bad login attempts without locking out the host.
The number of login attempts a user has before their username is locked out of the system. Note that this is different from hosts in case an attacker is using multiple computers. In addition, if they are using your login name you could be locked out yourself. Set to 0 to log bad login attempts per user without ever locking the user out (this is not recommended).
The number of minutes in which 404 errors should be remembered and counted towards lockouts.
The number of minutes in which bad logins should be remembered.
The number of errors (within the check period time frame) that will trigger a lockout. Set to zero (0) to record 404 errors without locking out users. This can be useful for troubleshooting content or other errors. The default is 20.
The password has not been updated.
The path on your machine where backup files should be stored.
The path on your server where log files should be stored.
The path on your server where the nginx config file is located.
The requested module (%s) does not exist.
Settings for it cannot be rendered.
The requested widget (%s) does not exist. Logs for it cannot be rendered.
The requested widget (%s) does not exist. Settings for it cannot be rendered.
The scan did not complete successfully. Sucuri sent the following error: %s
The scan did not complete successfully. The Sucuri server should send its response in JSON encoding. The data received from the Sucuri server could not be decoded. In addition, a content type of %s was received when a content type of application/json was expected. This could indicate a temporary issue with the Sucuri servers.
The scan did not complete successfully. The Sucuri server should send its response in JSON encoding. The response indicates that the encoding is JSON, but the data could not be decoded. This problem could be due to a temporary Sucuri server issue or a compatibility issue on your server. If the problem continues, please contact iThemes Security support.
The scan failed due to an unexpected technical error. The response from the wp_remote_get function contains an empty body entry. Since the body entry contains the response for the request to Sucuri's servers, the response cannot be processed. This could indicate a plugin/theme compatibility issue or a problem in WordPress.
The scan failed due to an unexpected technical error. The response from the wp_remote_get function does not contain a body entry. Since the body entry contains the response for the request to Sucuri's servers, the response cannot be processed. This could indicate a plugin/theme compatibility issue or a problem in WordPress.
The scan failed due to an unexpected technical error. The response from the wp_remote_get function is missing some critical information that is needed in order to properly process the response from Sucuri's servers. This could indicate a plugin/theme compatibility issue or a problem in WordPress.
The scan failed to properly scan the site.
The selected restriction date and time has already ended. Please select an %1$s and %2$s that has not already ended.
The selected restriction date and time has already started and would result in locking you out immediately. Please select a %1$s and %2$s that has not already started.
The server did not receive a valid request. An unknown "method" argument was supplied. Please try again.
The server did not receive a valid request. The required "data" argument for the module is missing. Please try again.
The server did not receive a valid request. The required "data" argument for the widget is missing. Please try again.
The server did not receive a valid request. The required "method" argument is missing. Please try again.
The server did not receive a valid request. The required "module" argument is missing. Please try again.
The settings could not be saved due to an unknown error. Please try refreshing the page and trying again.
The settings could not be saved. Please correct the error above and try again.
The settings could not be saved. Please correct the errors above and try again.
The settings saved successfully.
The slug to redirect users to when they attempt to access wp-admin while not logged in.
The supplied data is invalid. The supplied start (%1$s) is after the supplied end (%2$s).
The supplied email address (%s) is invalid. A valid email address is required in order to sign up for the Network Bruteforce Protection by iThemes.
The supplied module (%s) is not recognised. The module settings could not be saved.
The updates_optin value is missing.
The user changes have not been saved.
The user has not been created.
The user was successfully updated.
The user was unable to be successfully updated.
This could be due to a plugin or server configuration conflict.
The valid value for %1$s is: %2$l.
The valid values for %1$s are: %2$l.
Theme Update Notifications
There are no active lockouts at this time.
There are no added files to report
There are no changed files to report
There are no deleted files to report
There are no rules that need to be written.
There is nothing that needs to be written to your wp-config.php file.
There was an error returned from the Network Brute Force Protection API: %1$s
These are advanced settings that may be utilised to further strengthen the security of your WordPress site.
These are very often signs of someone trying to gain access to your site but some plugins and themes can also be blocked.
This email was generated by the iThemes Security plugin on behalf of %s.
This email was generated by the iThemes Security plugin.
This feature allows you to completely ban hosts and user agents from your site without having to manage any configuration of your server. Any IP addresses or user agents found in the lists below will not be allowed any access to your site.
This feature will improve the security of your WordPress installation by removing common user attributes that can be used to target your site.
This forces users to choose a unique nickname when updating their profile or creating a new account which prevents bots and attackers from easily harvesting user's login usernames from the code on author pages. Note this does not automatically update existing users as it will affect author feed URLs if used.
This has been disabled.
This is a test file generated by iThemes Security. It can be removed.
This is not needed if you do not use Windows Live Writer or other blogging clients that rely on this file.
This makes it harder for bots to determine usernames by disabling post archives for users that don't post to your site.
This malware scan is powered by Sucuri SiteCheck. It checks for known malware, blacklisting status, website errors and out-of-date software. Although the Sucuri team does its best to provide thorough results, 100%% accuracy is not realistic and is not guaranteed.
This notification supports email tags. Tags are formatted as follows %s.
This option will cut down on comment spam by denying comments from bots with no referrer or without a user-agent identified.
This path must be writable by your website. For added security, it is recommended you do not include it in your website root folder.
This tool provides an undo feature after changing the Content Directory. Since not all plugins, themes, or site contents function properly with a renamed Content Directory, please verify that the site is functioning correctly after the change. If any issues are encountered, the undo feature should be used to undo the change. Please note that the undo feature is only available when the changes added to the wp-config.php file for this feature are unmodified.
This whitelist will prevent any IP listed from triggering an automatic lockout. You can still block the IP address manually in the banned users settings.
Time
Time when the admin dashboard should become available again.
Time when the admin dashboard should become unavailable.
To adjust logging options visit the global settings page.
To get started with iThemes Network Brute Force Protection, please supply your email address and save the settings. This will provide this site with an API key and starts the site protection.
To unsubscribe from these notifications, please %1$scontact the site administrator%2$s.
To unsubscribe from these updates, visit the %1$sSettings page%2$s in the iThemes Security plugin menu.
To view logs within the plugin you must enable database logging in the Global Settings. File logging is not available for access within the plugin itself.
Today
Tomorrow
Total Scans
Try iThemes Sync for Free
Turning this feature on will enable compatibility with InfiniteWP.
Do not turn it on unless you use the InfiniteWP service.
Tutorials
Two-Factor Authentication
Two-Factor Authentication greatly increases the security of your WordPress user account by requiring additional information beyond your username and password in order to log in.
Two-factor authentication
Type of Restriction
Type: %1$s
URL
%1$s - Expires in %2$s
Unable to change the content directory back to wp-content. If the above error cannot be fixed, you may need to manually change the content directory. Instructions on how to change the content directory manually can be found here.
Unable to change the content directory. If the above error cannot be fixed, you may need to manually change the content directory. Instructions on how to change the content directory manually can be found here.
Unable to create a backup at this time since a backup is currently being created. If you wish to create an additional backup, please wait a few minutes before trying again.
Unable to create the backup directory due to an unknown error.
Unable to find a valid settings object for %s. Setting was unable to be saved.
Unable to find a valid settings object for %s. Settings were unable to be saved.
Unable to read %1$s due to the following error: %2$s
Unable to read the wp-config.php file in order to update the Database Prefix. Error details as follows: %1$s
Unable to read the wp-config.php file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)
Unable to remove %1$s due to the following error: %2$s
Unable to remove %s due to an unknown error.
Unable to rename the %1$s directory to %2$s. This could indicate a file permission issue or that your server does not support the supplied name as a valid directory name. No config file or directory changes have been made.
Unable to set the permissions of the new Directory Name (%1$s) to match the permissions of the old Directory Name. You may have to manually change the permissions of the directory to %2$s in order for your site to function properly.
Unable to strip comments from the source code as the token_get_all() function is disabled. This is a system configuration issue.
Unable to strip comments from the source code as the token_get_all() function returned an unrecognised value (type: %s)
Unable to update the wp-config.php file in order to update the Database Prefix. Error details as follows: %1$s
Unable to update the wp-config.php file in order to update the salts. You will need to manually update the file. Error details as follows: %1$s (%2$s)
Unable to update the wp-config.php file. No directory or config file changes have been made. The error that prevented the file from updating is as follows: %1$s
Unable to write the backup file. This may be due to a permissions or disk space issue.
Undo Content Directory Change
Unknown contacts for %1$s, %2$l.
Unknown error encountered while sending.
Unknown error type received: %1$s.
Unknown schedule for %1$s, %2$s.
Unknown tags for %1$s, %2$l.
Update Password
Update the secret keys WordPress uses to increase the security of your site.
Updates to wp-config.php are disabled via a filter.
Use the button below to purge the log table in your database. Please note this will purge all log entries in the database including 404s.
Use the guidelines below to enter hosts that will not be allowed access to your site.
Use the guidelines below to enter hosts that will not be locked out from your site. This will keep you from locking yourself out of any features if you should trigger a lockout. Please note this does not override away mode and will only prevent a temporary ban. Should a permanent ban be triggered you will still be added to the "Ban Users" list unless the IP address is also whitelisted in that section.
Use the guidelines below to enter user agents that will not be allowed access to your site.
Use the white list above to prevent recording common 404 errors. If you know a common file on your site is missing and you do not want it to count towards a lockout record it here. You must list the full path beginning with the "/".
User
User Lockout Message
User Logging
User Security Check
Username
Username Only
Users
Value
Various modules send emails to notify you when a user or host is locked out of your website.
Version Management
View Logs
Visit Banned Users Settings
Visit Settings Page
WARNING
Want two-factor authentication, scheduled malware scanning, ticketed support and more?
Warning
Warning: If your site invites public registrations setting the role too low may annoy your members.
Website
Weekly
Weekly Security Digest
When the button below is clicked the following modules will be enabled and configured:
Whether or not iThemes Security should be allowed to write to wp-config.php and .htaccess automatically. If disabled you will need to manually place configuration options in those files.
White Listed
Whole Site
Why go Pro? Check out the Free/Pro comparison chart.
Wildcards are also supported with some limitations. If using wildcards (*), you must start with the right-most chunk in the IP address. For example ###.###.###.* and ###.###.*.* are permitted but ###.###.*.### is not. Wildcards are only for convenient entering of IP addresses, and will be automatically converted to their appropriate CIDR notation format on save.
Windows Live Writer Header
With Network Brute Force Protection, your site is protected against attackers found by other sites running iThemes Security. If your site identifies a new attacker, it automatically notifies the network so that other sites are protected as well. To join this site to the network and enable the protection, click the button below.
WordPress Login Address Changed
WordPress Salts
WordPress Tweaks
WordPress uses the "action" variable to handle many login and logout functions.
By default this plugin can handle the normal ones but some plugins and themes may utilise a custom action (such as logging out of a private post). If you need a custom action, please enter it here.WordPress' XML-RPC feature allows external services to access and modify content on the site. Common example of services that make use of XML-RPC are the Jetpack plugin, the WordPress mobile app, and pingbacks. If the site does not use a service that requires XML-RPC, select the "Disable XML-RPC" setting as disabling XML-RPC prevents attackers from using the feature to attack the site.WordPress' XML-RPC feature allows hundreds of username and password guesses per request. Use the recommended "Block" setting below to prevent attackers from exploiting this feature.Write to FilesXML-RPCXML-RPC services are disabled on this site.YesYou can use HTML in your message. Allowed HTML includes: %l.You can use HTML in your message. Allowed tags include: a, br, em, strong, h1, h2, h3, h4, h5, h6, div.You do not have sufficient permission to access this endpoint. Access to REST API requests is restricted by iThemes Security settings.You have been locked out due to too many invalid login attempts.You may ban users by individual IP address or IP address range using wildcards or CIDR notation.You may need to turn this off if you are having problems with backups.You may whitelist users by individual IP address or IP address range using wildcards or CIDR notation.You must change WordPress permalinks to a setting other than "Plain" in order to use this feature.You must check the Change WordPress Salts checkbox in order to change the WordPress salts.You must restart your NGINX server for the changes to take effect.Your Daily Security Digest for %sYour IP address has been flagged as a threat by the iThemes Security network.Your Monthly Security Digest for %sYour Nickname must be different than your login name. 
Please choose a different Nickname.Your Security Digest for %sYour Weekly Security Digest for %sYour current database table prefix is %1$s.Your current settings are configured as follows:Your database containsYour database is using the default table prefix wp_. You should change this.Your lockout settings can be configured in Global Settings.Your profile has not been updated.Your site appears to support SSL. It is highly recommended that you select the "Enabled" setting below. This redirects all http traffic to your site to the https address, thus requiring everyone to access the site via SSL. In other words, it will force everyone to use a secure connection to the site.Your site does not appear to support SSL. Only enable SSL if you know that the site properly supports SSL since enabling it on a site that does not properly support it will block all access to the site.Your site is now using Network Brute Force Protection.Your site might support SSL. If the site is configured with a valid certificate that is not self-signed, it is highly recommended that you select the "Enabled" setting below. This redirects all http traffic to your site to the https address, thus requiring everyone to access the site via SSL. In other words, it will force everyone to use a secure connection to the site.Zip Database Backups[%1$s] %2$semail to backup recipients could not be sent.emailed to backup recipientsemailed to backup recipients and saved locallyerrorhttps://ithemes.comhttps://ithemes.com/securityhttps://wordpress.org/iThemesiThemes SecurityiThemes Security LogsiThemes Security SettingsiThemes Security can log events in multiple ways, each with advantages and disadvantages. Database Only puts all events in the database with your posts and other WordPress data. This makes it easy to retrieve and process but can be slower if the database table gets very large. File Only is very fast but the plugin does not process the logs itself as that would take far more resources. 
For most users or smaller sites Database Only should be fine. If you have a very large site or a log processing software then File Only might be a better option.iThemes Security noticed file changes in your WordPress site. Please review the logs to make sure your system has not been compromised.iThemes Security preserved the following settings as removing them could prevent the site from functioning correctly.iThemes Security received a request to modify the override behaviour of the Away Mode module. However, the request is invalid as the module is configured for a one-time lockout that occurred in the past. Allowing an activate override would result in an unending Away Mode lockout.iThemes Security received a request to modify the override behaviour of the Away Mode module. However, the request is invalid as the required "intention" argument is missing.iThemes Security received a request to modify the override behaviour of the Away Mode module. However, the request is invalid as the required "intention" argument is set to an unrecognised value: "".iThemes Security requires JavaScript in order for the settings to be modified. Please enable JavaScript to configure the settings.log entries.no%1$s of %2$sreCAPTCHAAll %s userssaved locallysaved locally but email to backup recipients could not be sent.%1$s %2$s%1$s %2$s %3$stoo many attempts to access a file that does not existtoo many bad login attemptsuser tried to login as "admin."wp-config.php rulesyes