New! Save Time Securing WordPress With User Groups

The iThemes Security Pro plugin helps you lock down your WordPress website at the user level with the User Security Check and User Logging features. Today, we are excited to roll out a new User Groups feature that gives you the power to enforce the right level of security for different types of users.

Introducing User Groups: The Right Amount of Security for The Right People

There is a balance of restriction and usability that you must strike when implementing a security strategy. Using the new User Groups, you can create a group of everyone who can make changes to your site and give them the freedom to change security settings.

Any user that can change your website becomes a security threat when their access falls into the wrong hands. With great power comes great responsibility. Any group that has the power to change your site has the responsibility to secure their account with two-factor authentication.

Whether you are running an eCommerce shop or a membership site, you have a group of users who don’t have the power to do any damage outside their account. While giving your customers the tools to protect their accounts is helpful, it doesn’t mean you have to require them to use them.

How To Create A Custom User Group

To create a custom group, click on the User Groups module from the main page of the Security settings.

Now click on the + New Group Button.

Enter a name for your group and then select its members. User Groups have two different methods of selecting group members.

1. The first and recommended selection method is the WordPress User Roles you already have on your site. Check the boxes next to the user role(s) you want to include in this group, and then click the Create button to finish creating the group. 
2. The second method of selection is the WordPress users on your site. Enter the name of the users in the Select Users search field to add the users to the group. Click the Create button to finish creating your new group.

You don’t need to create custom groups to use the new User Groups. After installing or upgrading iThemes Security Pro, User Groups will automatically create groups from your existing WordPress user roles.

Manage All User Security Settings From One Location

There are several settings in iThemes Security Pro that, by design, will affect how people will interact with your site. Two-factor authentication will require additional verification to log in, and with Password Logins, you use a Magic Link from an email, bypassing the traditional WordPress login.

With User Groups, you can quickly see which settings are enabled and make modifications without hopping around to the different settings in iThemes Security Pro. Click the toggle switch next to a setting to change if it is enabled or disabled.

User Group Settings

1. Global – When enabled, the users in the group will be able to access and make changes to the iThemes Security Pro settings.
2. Dashboard – Allow the group users to create new iThemes Security Dashboards.
3. Grade Report – Enable group users to view the iThemes Security Grade report.
4. Force Two-Factor – Force the users in the group to use two-factor authentication on their account.
5. Disable Two-Factor Onboarding – Disable the two-factor onboarding for users in the group.
6. Allow Remembering Device – Allow users to check a “Remember this Device” box that, if checked, will not prompt the user for a Two-Factor code for the next 30 days on the current device. Requires the Trusted Devices feature.
7. Applications Passwords – Allow the users in the group to use application passwords.
8. User Logging – When enabled, the users in the group will have their activity recorded in the iThemes Security logs.
9. Password Logins – Allow the group users to use the Passwordless Login method.
10. Allow Two-Factor Bypass for Passwordless Login – Users in the group can bypass any 2FA requirements using the Passwordless Login method.
11. Trusted Devices – Enable Trusted Devices for this group.

Updated Security Modules

After making changes to a User Group, the settings will automatically be updated in the corresponding settings module. For example, if we force our Power User Group to use two-factor authentication, the Two-Factor settings will be updated to reflect the change.

If you add or remove the two-factor requirement inside the 2FA settings, the changes will be updated in the corresponding User Group.

New! Frictionless Sync Pro Connection

When connecting a site from the iThemes Sync Pro dashboard, Sync will check to see if iThemes Security Pro is installed. If it is, Sync Pro will hook into Security Pro to complete the connection even if you secure your WordPress login with two-factor authentication and reCAPTCHA.

Wrapping Up

User Groups give you a central location to enable the right settings for the right people.