The Evolution: Better WP Security to Kadence Security

If you have been in the WordPress ecosystem for a while, you likely remember Better WP Security. Over the years, it evolved into iThemes Security, became recognized as one of the most trusted security plugins on the market, and has now officially transitioned into Kadence Security under the Nexcess/StellarWP umbrella.

Despite the name changes, its core mission remains the same: providing a proactive, strategic approach to WordPress website security that shields your site from cyberattacks, brute force attempts, and malware infections.

Key Features of Kadence Security

With an average of 30,000 websites hacked every day, leaving your WordPress default login exposed is no longer an option. Kadence Security offers a robust suite of tools designed to lock out bad actors automatically.

Top Free Features

• Local & Network Brute Force Protection: Automatically identifies and stops the most common method of attack on WordPress sites. If an IP is flagged for attacking other sites in the Kadence network (nearly 1 million sites strong), it is preemptively blocked from yours.
• Two-Factor Authentication (2FA): Make your WordPress login nearly impenetrable by requiring users to enter a security code (via Google Authenticator, Authy, or email) alongside their password.
• Site Scanner & File Change Detection: Schedules daily checks for known vulnerabilities in WordPress core, plugins, and themes. It also logs unauthorized changes made to your website’s files.
• Security Site Templates: Apply the perfect security configuration based on your site type (eCommerce, Blog, Brochure, Network, or Portfolio) with a single click.
• Database Backups: Create scheduled backups of your WordPress database to ensure you can quickly recover if the worst happens.

Premium Features (Pro Version)

For mission-critical websites, Kadence Security Pro introduces advanced enterprise-grade protections:

• Automated Vulnerability Patching (Patchstack): Virtually patches known vulnerabilities in plugins or themes before the developer even releases an official update.
• Passwordless Logins & Magic Links: Secure your user accounts with strong security while allowing verified users to log in with the click of an email link.
• Trusted Devices & Privilege Escalation: Restrict administrator access to known, trusted devices only, and grant safe, temporary admin access to developers when needed.
• Comprehensive User Activity Logging: Keep a meticulous record of user activity, including logins, content edits, and plugin changes.

How to Set Up Kadence Security in Under 10 Minutes

One of the biggest selling points of Kadence Security is its streamlined onboarding wizard. Here is how to configure it:

1. Install & Activate: Go to your WordPress dashboard, navigate to Plugins > Add New, search for “Kadence Security” (or better-wp-security), and click Install and Activate.
2. Launch the Setup Wizard: Click on the new Security tab in your dashboard. The onboarding wizard will launch automatically.
3. Choose Your Site Type: Select the template that best matches your website (e.g., eCommerce, Blog, or Non-Profit). This automatically configures baseline rules.
4. Define User Groups: Decide which user roles (Admin, Editor, Customer) are required to use strict password policies or 2FA.
5. Enable Brute Force Protection: Ensure both Local and Network brute force protections are toggled on to join the community blocklist.
6. Save & Monitor: Save your settings. You can now monitor blocked attacks and site health via the dynamic Real-Time Security Dashboard.

Frequently Asked Questions