The Wayback Machine - https://web.archive.org/web/20210510182656/https://jetpack.com/features/security/library/better-wp-security-plugin/

Is "iThemes Security (formerly Better WP Security)" safe?

WordPress Plugin security and safety information.

Rating: Good (current version safe) Recommendations

iThemes Security (formerly Better WP Security): Plugin Details

Type: Plugin
Author: iThemes
URL: https://wordpress.org/plugins/better-wp-security/
Latest Version: 7.9.1

 

iThemes Security (formerly Better WP Security): Security Information

Insecure versions: Up To 7.9.0
Known since: 2021-04-22 09:00:29
Description: Versions of iThemes Security Free before 7.9.1 and Pro before 6.8.4 have a low severity vulnerability that allows an attacker to bypass the Hide Backend feature of the plugin, giving a false sense of security.


Insecure versions: Up To 7.0.2
Known since: 2018-06-27 16:19:54


Insecure versions: Up To 6.9.0
Known since: 2018-03-06 02:26:33


Insecure versions: Up To 5.6.1
Known since: 2016-10-10 15:00:34


Insecure versions: Up To 5.3.5
Known since: 2016-04-26 23:17:38


Insecure versions: Up To 5.3.4
Known since: 2016-04-06 19:13:44


Insecure versions: Up To 3.2.4
Known since: 2015-11-25 04:38:27


Insecure versions: Up To 4.6.12
Known since: 2015-09-13 21:01:31


Insecure versions: Up To 3.2.4
Known since: 2014-03-18 20:05:53
Description: Better WP Security <= 3.2.4 - Cross Site Scripting
More Information:


Insecure versions: Up To 3.4.3
Known since: 2014-03-18 20:05:53
Description: Better WP Security 3.4.3 - Multiple XSS
More Information:


Insecure versions: Up To 3.5.3
Known since: 2014-03-18 20:05:53
Description: Better WP Security <= 3.5.3 - inc/secure.php logevent Function URL Handling Stored XSS


Insecure versions: Up To 3.5.5
Known since: 2014-03-18 20:05:53
Description: Better WP Security 3.5.5 - inc/admin/content.php id_specialfile Parameter Stored XSS


Insecure versions: Up To 3.6.3
Known since: 2014-03-18 20:05:53
Description: Better WP Security 3.6.3 - /wp-admin/admin-ajax.php license Parameter Stored XSS Weakness
More Information:


Insecure versions: Up To 3.6.3
Known since: 2014-03-18 20:05:53
Description: Better WP Security 3.6.3 - /wp-admin/admin-ajax.php license Parameter Stored XSS Weakness
More Information:


 

iThemes Security (formerly Better WP Security): Safety Recommendations

We have rated iThemes Security (formerly Better WP Security) as Good (current version safe) which means that we have found vulnerabilities in older versions.

We recommend that you only use the latest version of iThemes Security (formerly Better WP Security).

iThemes Security (formerly Better WP Security): Staying Up-to-date

Make sure your installation of iThemes Security (formerly Better WP Security) is safe with the following free Jetpack services for WordPress sites:
  • Updates & Management
    Turn on auto-updates for iThemes Security (formerly Better WP Security) or manage in bulk.
  • Prevent Infiltrations
    Automatic protection against brute force attacks and secure sign on.

Choose Your Plan

iThemes Security (formerly Better WP Security): Keeping Safe

If you're running a business, ecommerce, news, or other critical website, Jetpack also provides additional indispensable services:
  • Automated Backups
    Full backup of your entire site with unlimited storage space.
  • Restores & Migrations
    Restore or migrate your site from a backup with one click.
  • Security Scanning
    Regular, automated scans of your site for malware, threats, and hacks.
  • Expert Support
    Fast, priority support for any WordPress security issue.

Choose Your Plan

About this information

This WordPress security information is part of our security library and is brought to you by Jetpack as part of our committment to a safer WordPress experience.

If you have any questions, please do not hesitate to contact us.